Chris Evans | 4 Sep 00:38

Internet Explorer 8 PoC: Twitter forced-tweet demo

Hi,


In an attempt to get this bug fixed...

A nasty vulnerability exists in the latest Internet Explorer 8. I have been unsuccessful in persuading the vendor to issue a fix.
The bug permits -- for example -- an arbitrary web site to force the victim to make tweets.

(For academic research purposes only)

This is not weaponized. It won't do anything to your Twitter account unless you press the button.

Notes:
- This is purely an IE bug; there is no fault on behalf of Twitter and there is no reasonable workaround.
- Similar attacks can be mounted against other sites of interest.
- There's evidence to suggest that Microsoft has been aware of this since at least 2008.
- This could interact unpleasantly with the trust people place in URL shorteners.
- This probably affects earlier versions.

References:
- Public CMU academic paper: http://websec.sv.cmu.edu/css/css.pdf
- A less serious variant in all the other major browsers (long since fixed by all of them): http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html


Cheers
Chris
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
