This vulnerability is cute but not very useful mainly because a lot of social engineering is required.
However, here is an interesting thought for you: instead of asking the user to bookmark a page you can supply the bookmark directly to their browser by using Live Bookmarks. So, a mainstream attack will be when a SPLOG network injects malicious links into their feeds. If someone happens to be subscribed to this network with a Live Bookmark and they click on it... well you know. I haven't tested this, although it should work. So, although I would rate this issue as low risk, it could as well be quite high or at least medium.

cheers

On 2/22/07, Michal Zalewski <[EMAIL PROTECTED]> wrote:
> On Thu, 22 Feb 2007, pdp (architect) wrote:
>
> > michal, is that a feature or a bug? maybe it is not obvious to me what
> > you are doing but I feel that it is almost like asking the user to
> > bookmark a bookmarklet.
>
> Bookmarklets should be bookmarkable only manually, with user knowledge and
> consent (that is, you need to copy-and-paste the URL, etc). This seems to
> be the case for javascript: URLs.
>
> Here, the situation is different: the user can, and quite likely will,
> unknowingly bookmark a script while attempting to bookmark a regular page
> via Ctrl-D + <return>. He doesn't expect or want this code to later run in
> the context of his start page or any other resource (principle of least
> astonishment, etc, etc).
>
> Cheers,
> /mz
>

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/