With Google offering $20,000 for a Chrome sandbox exploit, Apple releasing fresh security updates, and the organisers allowing researchers to target mobile phone basebands, it was sure to make for an interesting Pwn2Own contest at CanSecWest this year.
For the fifth year running, Pwn2Own invited security researchers to discover vulnerabilities and develop exploits for the most popular browsers on Mac OS X and Windows (for some reason Linux is left out this year). Traditionally IE, Firefox and Safari have gotten exploited, with Chrome being the last browser standing at last year’s competition. Google upped the ante by making it significantly more attractive to target their browser this year.
In short: Safari, Internet Explorer, iPhone and Blackberry were all successfully compromised. Chrome and Firefox survive.
Cross-site Scripting (or XSS) is a common web application vulnerability with varying levels of severity. Generally the capabilities of an XSS are limited to the locations of vulnerable inputs and outputs, and crafting complex XSS payloads can be a time-consuming process.
XSS-Track helps simplify cross-site scripting by allowing the attacker to silently track the user across the entire site, using a single embedded XSS. It does this by cleverly creating a full-window invisible iframe, and maintaining control of that window as the user browses the site. This also allows the attacker to look for valuable pieces of information, such as passwords or credit card numbers.
Combining XSS-Track with the older XSS-Shell script, which turns the browser into a zombie of sorts, could give an attacker a significant amount of power over infected sites and their users.
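Because the tracking described above depends on the site's own pages loading inside an iframe created by script already running in the site's origin, a framing policy that only restricts other origins does not get in its way. The check below is an added example, not code from the original post or from XSS-Track: it classifies a response's headers by whether a same-origin page may frame it. The function names and sample headers are constructed for illustration, and a single enforcing `Content-Security-Policy` header is assumed.

```javascript
// Added example (not from the original post): classify a response's framing
// policy from the point of view of a SAME-ORIGIN framer.
// Assumption: headers arrive as a plain object; one enforcing CSP header at most.

// Normalise header names to lower case, since HTTP header names are case-insensitive.
function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// Return the source list of the frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() === 'frame-ancestors') {
      return parts.slice(1).map((s) => s.toLowerCase());
    }
  }
  return null;
}

// 'blocked' : no document, same-origin included, may frame this response
// 'allowed' : a same-origin document may frame it
// 'depends' : a host list that has to be compared with the site's own origin
function sameOriginFraming(headers) {
  const h = lowerKeys(headers);
  const fa = frameAncestors(h['content-security-policy'] || '');
  if (fa !== null) {
    // When frame-ancestors is present, browsers enforce it instead of X-Frame-Options.
    if (fa.length === 1 && fa[0] === "'none'") return 'blocked';
    if (fa.includes("'self'") || fa.includes('*')) return 'allowed';
    return 'depends';
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  // SAMEORIGIN, a missing header, or an unrecognised value all permit same-origin framing.
  return xfo === 'DENY' ? 'blocked' : 'allowed';
}

// Constructed sample responses.
const samples = [
  { 'X-Frame-Options': 'SAMEORIGIN' },
  { 'X-Frame-Options': 'DENY' },
  { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
];
for (const s of samples) console.log(JSON.stringify(s), '->', sameOriginFraming(s));
```

A page reported as `allowed` is not vulnerable by itself; the result only shows that the framing policy would not stop a script already running in the same origin.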