[NT] Proxomitron Cross-Site Scripting Vulnerability

From: support@securiteam.com
Date: 07/29/01


From: support@securiteam.com
To: list@securiteam.com
Subject: [NT] Proxomitron Cross-Site Scripting Vulnerability
Message-Id: <20010729061220.B6B45138BF@mail.der-keiler.de>
Date: Sun, 29 Jul 2001 08:12:20 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Proxomitron Cross-Site Scripting Vulnerability
------------------------------------------------------------------------

SUMMARY

 <http://spywaresucks.org/prox/> Proxomitron lets users apply special
HTML filters to transform web pages on the fly, changing almost anything
they wish, to speed up web page downloads. A security vulnerability in the
product allows attackers to inject JavaScript code into the HTML code sent
by the remote site.

DETAILS

Vulnerable systems:
 * Proxomitron Naoko-4 BetaFour and earlier

Immune systems:
 * Proxomitron Naoko-4 BetaFive

If an attacker sends the following URL to a user using Proxomitron as a
proxy:
 
http://www.example.com:9999/<SCRIPT>document.write(document.domain)</SCRIPT>
(NOTE: The TCP port 9999 is assumed to be an inactive port)

Proxomitron will produce something like this:
     <html><head><title>The Proxomitron Reveals...</title>
     ...
     The Proxomitron couldn't connect to...<br>
     <font color=#ffff00 size=+1 >
     www.example.com:9999/<SCRIPT>document.write(document.domain)</SCRIPT>
     </font><br>
     The site may be busy or the web server may be down.
     ...

This causes the JavaScript code to be executed.

Therefore, malicious JavaScript code written by an attacker can be
executed in the browser, and the cookies issued by an arbitrarily
specified site can be stolen.
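
The error page above reflects the requested host and path without HTML
encoding. The following is an added example, not Proxomitron's code and not
part of the original advisory: it contrasts a renderer that copies the value
verbatim with one that encodes it, and checks which elements a parser sees.
The template is abridged from the output quoted above; all function names are
assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Error template modelled on the output quoted in the advisory (abridged).
TEMPLATE = (
    "<html><head><title>The Proxomitron Reveals...</title></head><body>\n"
    "The Proxomitron couldn't connect to...<br>\n"
    "<font color=#ffff00 size=+1>\n{target}\n</font><br>\n"
    "The site may be busy or the web server may be down.\n"
    "</body></html>"
)

def render_error_unsafe(target: str) -> str:
    """Behaviour the advisory describes: host/path copied into HTML verbatim."""
    return TEMPLATE.format(target=target)

def render_error_escaped(target: str) -> str:
    """Hardened form: HTML-encode the untrusted value before it is written."""
    return TEMPLATE.format(target=html.escape(target, quote=True))

class _TagCollector(HTMLParser):
    """Records every element start tag found while parsing the page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

# Elements the fixed template itself contains; anything else came from input.
EXPECTED_TAGS = {"html", "head", "title", "body", "br", "font"}

def injected_tags(page: str) -> list:
    """Return start tags in the page that the template did not put there."""
    parser = _TagCollector()
    parser.feed(page)
    parser.close()
    return [t for t in parser.tags if t not in EXPECTED_TAGS]

# Constructed input: the host/path portion of the URL shown in the advisory.
SAMPLE = "www.example.com:9999/<SCRIPT>document.write(document.domain)</SCRIPT>"

if __name__ == "__main__":
    print("unsafe :", injected_tags(render_error_unsafe(SAMPLE)))
    print("escaped:", injected_tags(render_error_escaped(SAMPLE)))
```

A check like injected_tags() can serve as a regression test for any
proxy-generated page that echoes part of the request.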

ADDITIONAL INFORMATION

The information has been provided by <mailto:takagi@etl.go.jp> TAKAGI,
Hiromitsu.
