Tuesday, June 27, 2006

AppleWebKit - Exploit

This is not good:

DR001 : AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability
Discovered: 2005-02-13
Published: 2005-04-16
Discoverer: David Remahl
CVE IDs: CAN-2005-0976

XMLHttpRequest is a JavaScript component that allows scripts to perform HTTP queries and read their results. The attack described herein requires that the attacker has the ability to place an HTML file on the victim's system and predict its path. By exploiting AppleWebKit's special treatment of XMLHttpRequest when running from a file: document, the attacker can gain read access to any file on the system with a known path that the user running the browser has access to.
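As an added illustration (not code from the advisory or from WebKit), the JavaScript below models the access decision described above: a permissive policy in which a file: document may read any file: URL, next to a hardened policy under which file: URLs share no origin. The function names, both policy models and the sample paths are constructed assumptions.

```javascript
// Added illustration: a simplified model of the access decision, not WebKit code.
// Function names, both policy models and all sample URLs are constructed.

// Standard same-origin comparison on (scheme, host, port).
function sameTuple(a, b) {
  return a.protocol === b.protocol && a.hostname === b.hostname && a.port === b.port;
}

// Permissive model of the flaw: a file: document may read any file: URL.
function permissiveMayRead(documentUrl, targetUrl) {
  const doc = new URL(documentUrl);
  const target = new URL(targetUrl, doc); // relative targets resolve against the document
  if (doc.protocol === 'file:') return target.protocol === 'file:';
  return sameTuple(doc, target);
}

// Hardened model: file: URLs share no origin, so no cross-file read is granted.
function hardenedMayRead(documentUrl, targetUrl) {
  const doc = new URL(documentUrl);
  const target = new URL(targetUrl, doc);
  if (doc.protocol === 'file:' || target.protocol === 'file:') return false;
  return sameTuple(doc, target);
}

// Requests the permissive model grants and the hardened model refuses.
function exposure(requests) {
  return requests
    .filter(([doc, target]) => permissiveMayRead(doc, target) && !hardenedMayRead(doc, target))
    .map(([doc, target]) => new URL(target, doc).href);
}

// Constructed sample: a downloaded page at a predictable path, plus a normal web page.
const DOC = 'file:///Users/victim/Downloads/page.html';
const SAMPLE_REQUESTS = [
  [DOC, 'file:///Users/victim/Documents/notes.txt'],
  [DOC, '../Documents/notes.txt'],
  [DOC, 'http://example.com/data'],
  ['http://example.com/index.html', 'http://example.com/api'],
  ['http://example.com/index.html', 'file:///Users/victim/Documents/notes.txt'],
];

console.log(exposure(SAMPLE_REQUESTS));
```

The difference between the two models is exactly the set of local-file reads made from the downloaded page, including the one written as a relative path.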

Apple WebKit