[NT] CSS Bug in Browser Testing Script
From: support@securiteam.comDate: 04/29/02
- Previous message: support@securiteam.com: "[NEWS] IndiaTimes.com - Email - Session hijacking and Inbox Blocking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Mon, 29 Apr 2002 09:12:44 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
CSS Bug in Browser Testing Script
------------------------------------------------------------------------
SUMMARY
A security vulnerability in the browser testing scripts utilized by some
web sites has been found. The vulnerability is a classic cross-site
scripting vulnerability that would allow attackers to insert HTML and
JavaScript code into existing web pages and pose them as though they were
legitimate web pages coming from the site.
DETAILS
The script allows remote JavaScript injection though its "returnto="
option that also might allow directory transversal with Unicode type
characters, (some sites have the returnto parameter in a hidden field)
here is an example:
http://somesite/tests/browsertest.asp?returnto= This has the effect as most CSS bugs.
ADDITIONAL INFORMATION
The information has been provided by <mailto:Dcow0130@aol.com> Dcow0130.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
====================
DISCLAIMER:
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
Relevant Pages
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Microsoft Internet Explorer allow attackers to execute arbitrary code, ... A remote code execution vulnerability exists in the way Internet Explorer ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... CSS Heap Memory Corruption Vulnerability, ... Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... A buffer overflow vulnerability within Internet Explorer allows attackers ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Improper memory and user input handling with Internet Explorer allows ... A remote code execution vulnerability exists in the way Internet Explorer ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... A remote code execution vulnerability exists in Microsoft Agent in the way ... Internet Explorer by setting the kill bit for the control in the registry. ...
(Securiteam)
