Monthly Archives: June 2010

Crowzers or Carzy Browsers:

I need to translate this word first:
Carzy Browsers = Crowsers

Now, I want to share some odd behaviour of browsers with you. Let’s make them Crazy!

 1- First, we load a URL in an IFrame. Then, we load another website on the same frame. Now, by using “javascript:window.history.go(0)”, it will change the IFrame SRC to the first URL,  but it keeps the 2nd website on the IFrame!

 Try it here: http://0me.me/demo/crowzers/irsdl/addressbar_halt.html

 Which Browsers?

  – Mozilla Firefox 3.6.6

  – IE7

  – IE8

 2- We want to lock the address bar in different browsers by using “onblur” and “onload” events with “this.focus()”.

 Try it here: http://0me.me/demo/crowzers/irsdl/iframe_src_fool.html

 Which Browsers?

  – Mozilla Firefox 3.6.6

  – IE7

  – IE8

  – Opera 10.54

 3- We want to stop the browsers from working by using infinite loops and so on.

 Try it here: http://0me.me/demo/crowzers/irsdl/halt.html

 Which Browsers?

  – Mozilla Firefox 3.6.6: Halted with Mozilla Crash Reporter

  – IE7: Halted

  – IE8: Halted

  – Safari 5: Crashed on “javascriptcore.dll”

Good luck!

Opera Browser – Scroll Information Leakage

In Opera Browser, “scrollTop” and “scrollLeft” properties of a frame are accessible through the main page. This may lead to cross site information leakage.

Tested Platform: Opera <= 10.54 AND 10.60 RC (Build 3443)

Proof of Concept:

http://0me.me/demo/opera_scroll_leak/test_scroll.html

UPDATE:
Why is it really an issue?

I think it is one kind of bypassing same origin policy. All other famous browsers are secured against this method.
My point is: If you use “#” character, you can jump to a certain point of page in case having that Element’s ID.
It is shown in my proof of concept if you look at:
I used two URLs with different Element IDs to collect the user’s information from Facebook:
First, by using the following URL, I can check if the user is logged-in in facebook. It will jump to “#pass” point which is only available in case of having login form at the top of the page.
Then, as there is a SMS subscription on the Opera Browser Wall (http://www.facebook.com/Opera) when you are the fan, I can find it out by using “#sms_status_subscribe” in the following URL:
 
And that’s why…!