
Skype Remote Scripting Injection

Posted May 8, 2011
Authored by Rohit Bansal | Site secniche.org

This advisory discusses a remote scripting injection issue with Skype on Mac OS X.

tags | advisory
systems | apple, osx
SHA-256 | 709d209d6b139b30f4f885a39c7413251dcb2f639592c6e221e4bcd8027a2517

Recently, we came across the news about a Skype 0-day
<http://www.purehacking.com/blogs/gordon-maddern/skype-0day-vulnerabilitiy-discovered-by-pure-hacking>
that results in remote exploitation on Mac OS. However, we also
discovered the same pattern of vulnerability in Skype two months ago. For
testing reasons, we did not engage in the process of reporting it to the
vendor, because we were looking at the malware paradigm related to this
vulnerability (whether it can be exploited to download malware on Mac OS X).


Firstly, we are not sure whether the researchers are talking about the same
vulnerability. This is because we have seen the news but the vulnerability
details are missing everywhere. So our team thought to take a step in this
direction. We are presenting the details of the vulnerability that we
discovered in Skype running over MAC OS.

Discussion:
JavaScript is used extensively on all web-related platforms. The Skype
application on Mac OS uses JavaScript too (most chat clients do, so this is
not a big deal). This vulnerability does not impact Skype running on
Windows and Linux. Skype fails to differentiate between the payloads that
are sent as hyperlinks in the chat window. Only legitimate users in the
victim's client list can exploit it. The attacker only requires a
definitive payload to exploit this issue. We call it Skype Remote
Scripting (Injection).

Working:
In order to trigger this vulnerability, the attacker needs to find a
vulnerable website that can be used as an agent to send the payload. For
example, an attacker can use a third-party vulnerable website to trigger
scripting injection in Skype (Mac OS). In general, the following holds:

1. If an attacker sends a remote script payload as
[script]alert(document.location);[script], Skype filters this injection in
the chat engine, which is quite normal. We have used square brackets (for
representation), but for real injections one has to use angle brackets, as
in XSS payloads.

2. Skype (Mac OS) fails to filter the injection when the payload is sent as
part of a third-party vulnerable website hyperlink, as follows:
http://www.vulnerablewebsite.com/index.php?url=[script]alert(document.location);[script]

A = http://www.vulnerablewebsite.com/index.php?url=
B = [script]alert(document.location);[script]

Skype fails to treat it as one hyperlink (A+B). As a result, part B
executes in the context of Skype (Mac OS), thereby resulting in remote
scripting in Skype.

3. An attacker can use DOM injections to write arbitrary content in the
chat window. There can be advanced variations of it.

4. As we know, Mac OS runs applications with the .app extension; it is
possible to download malicious applications through Skype. One can also
trigger Safari automatically using DOM calls such as "window.open".

5. This vulnerability does not require any user interaction and runs the
payload directly. One has to be careful because it can execute content in
both chat windows if the attacker and the victim are both using Skype
(Mac OS). An attacker can use Skype on Windows and Linux in order to
execute this attack.
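
The A+B split described in item 2, modelled as an added JavaScript example (not code from this advisory or from Skype): linkifyNaive is a hypothetical renderer that reproduces the split, and linkifySafe is one way to render the same message with A+B kept as a single escaped hyperlink. All function names and the sample message are assumptions constructed for illustration.

```javascript
// Added example: a hypothetical chat renderer, not Skype's code.
// Constructed sample message modelled on the advisory's A + B hyperlink.
const SAMPLE =
  'see http://www.vulnerablewebsite.com/index.php?url=' +
  '<script>alert(document.location);</script> now';

const ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that could start or break out of HTML markup.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Flawed model: the URL pattern stops at the first markup character, so
// only part A becomes the link and part B is emitted as raw HTML.
function linkifyNaive(message) {
  return message.replace(/https?:\/\/[^\s<>"']+/g,
    (url) => `<a href="${url}">${url}</a>`);
}

// Hardened model: a whitespace-delimited token is the unit, so A + B stays
// one hyperlink. Every piece of text is escaped whether or not it is a
// link, so a payload containing spaces is still rendered as inert text.
function linkifySafe(message) {
  return message.split(/(\s+)/).map((token) => {
    if (!/^https?:\/\//i.test(token)) return escapeHtml(token);
    let href;
    try {
      href = new URL(token).href;  // parse and normalise the whole token
    } catch {
      return escapeHtml(token);    // unparseable: show as plain text
    }
    return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">` +
      `${escapeHtml(token)}</a>`;
  }).join('');
}

console.log(linkifyNaive(SAMPLE)); // part B survives as a live script tag
console.log(linkifySafe(SAMPLE));  // part B appears only as escaped text
```
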

Some of the PoCs are presented in the snapshots linked below, which
support the execution of this vulnerability.

*POC:*

http://secniche.blogspot.com/2011/05/skype-im-mac-os-x-is-this-0day.html


Thanks

Rohit Bansal
Secniche Security