26 February, 2011
Some of the possible uses of this attack would be to:
- Spam the user with advertisements
- Increase visits to another website
- Spread malware
In this proof of concept, I used the following as the “color” setting for my profile:
red' onmouseout='window.open("http://www.msu.edu/~weinjare/ad.html", "", "height=220,width=450");return false;
I’ll try to explain the source code above. The HTML that is generated for the page uses single quote characters to delimit attribute values. Adding a single quote to the setting, after the word “red”, closes the attribute early and allows arbitrary HTML to be injected into the page. The code that follows the quote is treated as another attribute of the element, adding an event handler that fires when the mouse moves onto the element and then leaves it.
The value of the injected attribute starts with a single quote and lacks an ending quote. This is because the page appends a single quote to the value when it generates the HTML, so the generated HTML remains valid.
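As an added example (not code from the original post or the affected site), the sketch below reproduces the injection against an assumed template and shows two fixes: escaping the value for a quoted attribute, and validating it against a color allowlist. The `<font color='...'>` template, the function names and the example.invalid URL are assumptions.

```javascript
// Constructed input with the same shape as the "color" value shown above.
const payload = `red' onmouseout='window.open("http://example.invalid/ad.html", "", "height=220,width=450");return false;`;

// Assumed vulnerable template: the raw setting is placed inside a
// single-quoted attribute, and the template supplies the closing quote.
function renderVulnerable(color) {
  return "<font color='" + color + "'>profile name</font>";
}

// Fix 1: encode every character that can end or restructure an attribute.
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderEscaped(color) {
  return "<font color='" + escapeAttr(color) + "'>profile name</font>";
}

// Fix 2: accept only a color name or a hex color; otherwise use a default.
const COLOR_RE = /^(?:[a-zA-Z]{1,20}|#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6})$/;

function safeColor(value) {
  return COLOR_RE.test(String(value)) ? String(value) : "black";
}

// Validation and output encoding together.
function renderHardened(color) {
  return "<font color='" + escapeAttr(safeColor(color)) + "'>profile name</font>";
}

// Lists the quoted attributes found in the markup, to show whether
// the setting stayed one attribute value or became a second attribute.
function attributeNames(html) {
  const re = /\s([a-zA-Z-]+)\s*=\s*(?:'[^']*'|"[^"]*")/g;
  return [...html.matchAll(re)].map((m) => m[1]);
}

console.log(attributeNames(renderVulnerable(payload)));
console.log(attributeNames(renderEscaped(payload)));
console.log(renderHardened(payload));
```

Escaping alone keeps the value inside the `color` attribute; the allowlist additionally stops junk values from being stored or displayed at all.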
To show this in action, I created the following video:
26 December, 2010
Yesterday I published “Multiple Monitor Full Screen”, my first public extension to Google Chrome. I just wrapped up shooting a simple walkthrough video of the extension:
Right now the extension only works on non-embedded videos hosted by YouTube and Vimeo. I looked into adding support for Hulu but they appear to be doing some funny things to restrict this. In the near future I would like to add support for embedded YouTube/Vimeo videos.
26 November, 2009
I used the Closure Library and the Closure Compiler for this little exercise.
These two alone make these tools worth checking out. I hope to gain more experience with the Library soon, and should have more to post about it.