Re: <BASE> tag used for hijacking external resources (XSS)
Makes sense as a trick to bypass some crappy XSS filters that look
forstrings like "javascript:", but I don't think it's a vulnerability
in itself.
On Fri, Dec 16, 2011 at 5:20 PM, Jann Horn <jannhorn@googlemail.com> wrote:
>
> 2011/12/15 Bouke van Laethem <vanlaethem@gmail.com>:
> > ISSUE:
> > The <base> tag is parsed outside of <head></head>. This can lead to
> > the base being reset, both before and after the <base> tag being
> > injected, depending on browser types and versions. As a result, images
> > and javascript can be loaded from an attackers domain, and forms and
> > hyperlinks point to the attackers domain.
>
> Erm... so you're basically assumint that the attacker can inject stuff
> into the page? If that's the case, you should have other issues than
> your links getting altered or so, no? E.g. what about javascript
> injection?
--
=93There's a reason we separate military and the police: one fights the
enemy of the state, the other serves and protects the people. When the
military becomes both, then the enemies of the state tend to become
the people.=94
討論串 (同標題文章)
完整討論串 (本文為第 7 之 7 篇):