IE8 through the XSS Filter method-vulnerability warning-the black bar safety net

ID MYHACK58:62200922045
Type myhack58
Reporter 佚名
Modified 2009-02-02T00:00:00


Vulnerability Description: The IE8 is Microsoft's new launch of a browser, which is for CSS2. 1 The complete support, HTML5 support, built-in development tools, and so on. IE8 in Browser security on a very big improvement, the built-in one cannot be uninstalledXss Filter, the non-persistent cross site scripting attack to do a better protection. But 80sec in test IE8 when found IE8Xss Filter the presence of vulnerability, leading in some Eastern countries version of Reagan this cannot prevent the URL Xss, such as in the Chinese version, the use of some simple data you can Bypass off IE8's Filter policy.

Vulnerability sites:

Vulnerability analysis: since IE8 Xss Filter the filter to take when coding is a system built-in encoding, in the Chinese version will be the gb2312, and in some other Oriental countries also will use the corresponding wide-byte encoding. Submit a illegal coding sequence such as%c1<will be IE8 as a normal Oriental character to the Filter keyword matching, and in the page display, because page own will specify an encoding such as UTF-8, etc., in the analytical time%c1<is not a valid UTF8 encoding, so that you will be treated as two characters, resulting in a<bypassing the check, this inconsistency leads to a vulnerability.

Vulnerability proof: suppose there is a web script:

<? php header("Content-Type: text/html; charset=utf-8"); echo $_GET[c]; ?& gt;

In Oriental countries the system of the IE8, if the conventional toXSSsuch as:

. php? c=<script>alert()</script>

Will be IE8 security policy blocked, but if submitted

. php? c=%c1<script>alert()</script>

The code can bypass the ie8xss filter and perform.

Vulnerability status: notify the vendor, wait for a response.