navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: HTML5 Web Storage Loophole

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs HTML5 Web Storage Loophole
Expert Contributor 1st Mar, 2013 22:09
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK

HTML5 Web Storage loophole can be abused to fill hard disks with junk data
Most browsers don't restrict the amount of data that websites can store through HTML5 Web Storage, researcher says

By Lucian Constantin
March 1, 2013 10:34 AM ET

IDG News Service - A security researcher has found a loophole in how the HTML5 Web Storage standard is implemented in the Google Chrome, Internet Explorer and Apple Safari browsers that could allow malicious websites to fill visitors' hard disk drives with large amounts of junk data.

HTML5 Web Storage defines an API (application programming interface) that allows websites to store more data inside browsers than was previously possible by using cookies, which are restricted to a size of maximum 4KB.

The localStorage attribute of the Web Storage API allows websites to store between 2.5MB and 10MB of data per origin -- domain name -- depending on the browser used. Google Chrome enforces a limit of 2. MB, Mozilla Firefox a limit of 5MB and Internet Explorer a limit of 10MB.

However, the Web Storage standard warns that some websites might attempt to circumvent the storage limit by storing data from their subdomains. "User agents should guard against sites storing data under the origins other affiliated sites, e.g. storing up to the limit in a1.example.com, a2.example.com, a3.example.com, etc, circumventing the main example.com storage limit," according to the standard, published by the World Wide Web Consortium.

"Chrome, Safari, and IE currently do not implement any such 'affiliated site' storage limit," Web developer and security researcher Feross Aboukhadijeh said Wednesday in a blog post. Since website owners can generate subdomains at will, they can exploit this loophole to effectively gain unlimited storage space on visitors' computers, he said.

Aboukhadijeh created a proof-of-concept website that uses this trick to fill visitors' hard disk drives with junk data. The site was tested with Chrome 25, Safari 6, Opera 12 and IE 10, and was capable of writing 1GB of data every 16 seconds on a Macbook Pro equipped with a solid state drive (SSD), the researcher said.

- See more at: http://www.computerworld.com/s/article/9237259/HTM...

--

No one has replied to this thread yet - be the first
This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+