CVE-2010-0314

Apple Safari - URL Redirect Target Disclosure via Stylesheet LINK Element

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0314. PoCs published by Cesar Cerrudo.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in Apple Safari by leveraging a CSS stylesheet reference and JavaScript to reveal the full path of the stylesheet. The PoC uses a simple HTML snippet with a script that alerts the href of the first stylesheet after a delay.

Description

Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cesar Cerrudo · textremotewindows

https://www.exploit-db.com/exploits/33563

View Code ZIP pw:eip

This exploit demonstrates an information disclosure vulnerability in Apple Safari by leveraging a CSS stylesheet reference and JavaScript to reveal the full path of the stylesheet. The PoC uses a simple HTML snippet with a script that alerts the href of the first stylesheet after a delay.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Apple Safari (versions affected by CVE-2010-0314)

No auth needed

Prerequisites: Victim must visit a malicious webpage or a webpage with the exploit code

MITRE ATT&CK