Public Site Vulnerability Research

July 10, 2012

toStaticHTML: The Second Encounter (CVE-2012-1858)

HTML Sanitizing Bypass - CVE-2012-1858

Introduction

The toStaticHTML component, which is found in Internet Explorer > 8, SharePoint and Lync is used to sanitize HTML fragments from dynamic and potentially malicious content.

If an attacker is able to break the filtering mechanism and pass malicious code through this function, he/she may be able to perform HTML injection based attacks (i.e. XSS).

It has been a year since the first encounter was published, we've now returned with a new bypass method.

Vulnerability

An attacker is able to create a specially formed CSS that will overcome toStaticHTML's security logic; therefore, after passing the specially crafted CSS string through the toStaticHTML function, it will contain an expression that triggers a JavaScript call.

Continue reading "toStaticHTML: The Second Encounter (CVE-2012-1858)" »

Posted by on July 10, 2012 in Public Site Vulnerability Research, Research, Web Application Security | | Comments (1) | TrackBack (0)

| |

July 21, 2011

Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure Vulnerability (CVE-2011-1252)

HTML Sanitizing Information Disclosure - CVE-2011-1252
Introduction
The JavaScript function toStaticHTML, which is found in Internet Explorer 8 and Internet Explorer 9 is used to sanitize
HTML fragments from dynamic and potentially malicious content.
If an attacker is able to break the filtering mechanism and pass malicious code through this function, he/she may be
able to perform HTML injection based attacks (i.e. XSS).

Vulnerability

An attacker is able to create a specially formed CSS that after passing through the toStaticHTML function will contain

an expression that will trigger a JavaScript call.

 

The following JavaScript code will demonstrate the vulnerability:

Continue reading "Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure Vulnerability (CVE-2011-1252)" »

Posted by on July 21, 2011 in Public Site Vulnerability Research, Research, Web Application Security | | Comments (0) | TrackBack (0)

| |

June 13, 2007

Squeezing the Avocado

The debate over Ethical Hacking goes on in increasing fury. It rages in convention-panels, TV shows, blogs, and security-companies' lunchrooms everywhere.

The debates rage all over, except where it counts: in the legislative bodies wherever they may be.

Criminals or heroes, common sense versus legal philosophies, ownership issues, and other elements all tie into this debate which sometimes loses focus on what the real issue is. The broken bridge between two worlds: the technical world and the corporate world. Two groups that speak completely different languages, unable to convey their point of view in a way that could even be appreciated by the other side.

“What do property issues have anything to do with security?” The hackers might ask “We’re only helping”.

The corporate managers might look dumbly and shrug. “Property is for the lawyers,” they will say, “Security? Well, we have an IT department for that.”

Continue reading "Squeezing the Avocado" »

Posted by on June 13, 2007 in Public Site Vulnerability Research | | Comments (0) | TrackBack (0)

| |

Follow us on Twitter

IBM Application Security Insider
IBM Application Security Insider

AppScan Free Trial


Try IBM Security AppScan software at no charge.

Search

Recent Posts

Archives

Categories

Pages

Become a Fan