
Practical Example of csSQLi Using (Google) Gears Via XSS

"Yesterday, at the Blackhat DC security conference, I spoke about the dangers of persistent web browser storage. Part of the talk focused on how emerging web browser storage solutions such as Gears (formerly Google Gears) and the Database Storage functionality included in the emerging HTML 5 specification could be attacked on sites with existing cross-site scripting (XSS) vulnerabilities. The overall message is that while such technologies have built-in controls to protect against attacks such as SQL injection (SQLi), when secure technologies are implemented on insecure sites, protections become meaningless.

Both Gears and HTML 5 Database Storage permit web applications to store content in local relational databases, which reside on the local file system by leveraging the SQLite database format. This provides powerful functionality as web applications can now be taken offline, as was recently done with Gmail. At the same time, it adds a new attack vector as persistent data can now potentially be attacked on the desktop, not just the server. Given that we're dealing with a relational database, is client-side SQL injection (csSQLi) possible? Unfortunately, the answer is yes and it's not simply a theoretical attack, it's very practical thanks to the significant prevalence of XSS vulnerabilities." -Zscaler

I used to work with Michael at SPI Dynamics and he's a great guy. He is also the author of 'Fuzzing' by Addison-Wesley.

Read more: http://research.zscaler.com/2009/02/practical-example-of-cssqli-using.html
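The quoted research makes the point that Gears and HTML 5 Database Storage both hand the page a real SQLite engine, so the usual server-side injection mistake, splicing untrusted text into the SQL string, reappears in client-side JavaScript, and XSS is the usual way an attacker gets to supply that text. The following is an added example, not code from this post or from the Zscaler research it quotes. It contrasts the vulnerable query-building style with the parameterized one using the Web SQL call shape, `tx.executeSql(sql, args)` (Gears' `beta.database` has the same split with `db.execute(sql, args)`). Because `openDatabase()` only exists in a browser, a constructed recording object stands in for the transaction; the `notes` table and the sample title are hypothetical.

```javascript
// Added example, not from the CGISecurity post or the Zscaler write-up.
// Models the Web SQL shape db.transaction(tx => tx.executeSql(sql, args, ok, err));
// Gears' beta.database splits SQL text and arguments the same way: db.execute(sql, args).
// Node has no openDatabase(), so a constructed recorder stands in for `tx` and captures
// exactly what each query-building style hands to the SQLite engine.

const TABLE = 'notes'; // hypothetical table name, not from the page

// Vulnerable style: untrusted data (anything an XSS payload can control) is spliced into
// the SQL text, so the engine cannot distinguish the data from the query.
function findNoteVulnerable(tx, title) {
  const sql = `SELECT body FROM ${TABLE} WHERE title = '${title}'`;
  tx.executeSql(sql, []);
  return sql;
}

// Hardened style: the SQL text is a constant and the value travels in the argument
// array, where SQLite binds it as a literal instead of parsing it as SQL.
function findNoteSafe(tx, title) {
  const sql = `SELECT body FROM ${TABLE} WHERE title = ?`;
  tx.executeSql(sql, [title]);
  return { sql, args: [title] };
}

// Constructed stand-in for the transaction object a browser passes to the transaction
// callback; it only records what was requested.
function makeRecordingTx() {
  const calls = [];
  return {
    calls,
    executeSql(sql, args) { calls.push({ sql, args: args || [] }); },
  };
}

// Counts the single-quoted string literals in a statement. The intended query has
// exactly one; a tautology smuggled into the WHERE clause breaks it into several,
// which is a cheap way to show that the data has become part of the query text.
function countStringLiterals(sql) {
  const m = sql.match(/'(?:[^']|'')*'/g);
  return m ? m.length : 0;
}

// Runs both styles against the same input and reports what reached the engine.
function demo(userTitle) {
  const tx = makeRecordingTx();
  const vulnerableSql = findNoteVulnerable(tx, userTitle);
  const safe = findNoteSafe(tx, userTitle);
  return {
    vulnerableSql,
    vulnerableLiterals: countStringLiterals(vulnerableSql),
    safeSql: safe.sql,
    safeArgs: safe.args,
    safeLiterals: countStringLiterals(safe.sql),
    callsRecorded: tx.calls.length,
  };
}

// Stand-alone run with a constructed input carrying the textbook tautology.
console.log(JSON.stringify(demo("x' OR '1'='1"), null, 2));
```

With the constructed input the vulnerable builder sends `SELECT body FROM notes WHERE title = 'x' OR '1'='1'`, which now holds three literals and matches every row, while the parameterized builder's SQL text is unchanged and the whole input arrives as a single bound value. That is the "built-in control" the quoted text refers to; it only helps when every query on the page actually uses it and the page has no XSS through which an attacker can issue queries of their own.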