Safari for Windows remote arbitrary file upload

2007.08.19
Credit: laurent gaffi
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-Other


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Product: Safari browser for Windows
Tested on: Last version ( 3.0.3 )
Download url: http://www.apple.com/safari/
Demo url: http://images.apple.com/movies/us/apple/safari/2007/wwdc/apple-safari_672x416.mov
Bug: Remote arbitrary file upload
Impact: Critical
Fix Available: No
-------------------------------------------------------
1) Introduction
2) Bug
3) Proof of concept
4) Conclusion

===============
1) Introduction
===============

"Now you can enjoy worry-free web browsing on any computer. Apple engineers designed Safari to be secure from day one."

======
2) Bug
======

The Safari browser doesn't prompt for a download; it just downloads the file and saves it directly to the desktop, which is totally insecure on a Windows operating system.

===================
3) Proof of concept
===================

http://dams083.free.fr/tmp/index.php ( will upload a .pif directly on your desktop without any prompt ... )

=============
4) Conclusion
=============

Any potentially dangerous file type (like .exe, .com, .pif, etc.) should trigger a prompt before the file is saved.
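As an added illustration of the prompt-before-save policy the conclusion asks for (example code, not part of the original advisory or of Safari): a small Python download policy that derives the file name the way a browser would (Content-Disposition first, then the URL path), normalises it the way Windows does (trailing dots and spaces ignored, case-insensitive extension match), and flags executable types such as .pif that would otherwise land on the desktop silently. The URLs and headers are constructed samples; the extensions beyond .exe, .com and .pif are assumed additions to the list.

```python
import re
from urllib.parse import urlsplit, unquote

# File types Windows runs directly when opened. The advisory names .exe, .com
# and .pif; the remaining entries are assumed additions for illustration.
DANGEROUS_EXTENSIONS = {"exe", "com", "pif", "scr", "bat", "cmd", "msi", "hta"}


def filename_from_response(url, headers):
    """Return the name a browser would save under: Content-Disposition wins,
    otherwise the last path segment of the URL (percent-decoded)."""
    cd = headers.get("Content-Disposition", "")
    m = re.search(r"filename\*?=(?:UTF-8'')?\"?([^\";]+)\"?", cd, re.IGNORECASE)
    if m:
        return unquote(m.group(1)).strip()
    return unquote(urlsplit(url).path.rsplit("/", 1)[-1]) or "download"


def windows_effective_extension(name):
    """Windows strips trailing dots and spaces and matches extensions
    case-insensitively, so 'setup.EXE.' still runs as an .exe."""
    name = name.rstrip(". ")
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def download_decision(url, headers):
    """Decide whether a download may be saved silently or must be confirmed.
    Returns ('prompt', reason) for executable types, ('save', reason) otherwise."""
    name = filename_from_response(url, headers)
    ext = windows_effective_extension(name)
    if ext in DANGEROUS_EXTENSIONS:
        return "prompt", f"{name!r} is an executable type (.{ext}); ask before saving"
    return "save", f"{name!r} is not an executable type"


if __name__ == "__main__":
    # Constructed sample responses (not captured from the advisory's demo page).
    samples = [
        ("http://example.invalid/tmp/index.php",
         {"Content-Disposition": 'attachment; filename="readme.txt.pif"'}),
        ("http://example.invalid/dl",
         {"Content-Disposition": 'attachment; filename="setup.EXE."'}),
        ("http://example.invalid/pics/photo.jpg", {}),
    ]
    for url, hdrs in samples:
        print(download_decision(url, hdrs))
```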



Copyright 2024, cxsecurity.com
