[NT] IE Gopher View Cross Site Scripting

From: support@securiteam.com
Date: 06/17/02


From: support@securiteam.com
To: list@securiteam.com
Date: Mon, 17 Jun 2002 22:01:56 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  IE Gopher View Cross Site Scripting
------------------------------------------------------------------------

SUMMARY

Internet Explorer 5 allows cross site scripting while its in gopher view.
This would allow an attacker to cause the execution of arbitrary
JavaScript and HTML.

DETAILS

Impact:
The usual cross site scripting attack consequences are subject here. Your
script must fit into a finite amount of character space or it will be
truncated thus making it fail.

Exploit:
In order to duplicate this attack you can use gn gohperd, and add the
following malicious ".cache" file:
Name=<script>alert('When can we see the source code bill?')</script>
Path=0/hrmm
Type=0
Host=10.0.1.234
Port=70

Next open the link <gopher://10.0.1.234/1> gopher://10.0.1.234/1, and an
alert box will appear.

ADDITIONAL INFORMATION

The information has been provided by <mailto:dotslash@snosoft.com> KF.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • Re: Cross-Site Tracing attack
    ... You mean a "cross site scripting" attack? ... This is where someone can save HTML or javascript into your database. ... This server is running Microsoft Server 2000, IIS 5, MSDE ...
    (microsoft.public.inetserver.iis.security)
  • PHPWCMS - Directory traversal vulnerability,CSS attack
    ... Attack: Directory traversal vulnerability,CSS ... phpwcms is an Open Source web content management system. ... sensitive data. ... to a cross site scripting attack. ...
    (Bugtraq)
  • [Full-disclosure] ExLibris Aleph and Metalib Cross Site Scripting Attack
    ... ExLibris Aleph and Metalib Cross Site Scripting Attack ... 13/07/2007 Vulnerability was logged in ExLibris Customer Relationship ...
    (Full-Disclosure)
  • ExLibris Aleph and Metalib Cross Site Scripting Attack
    ... ExLibris Aleph and Metalib Cross Site Scripting Attack ... Multiple versions of the ExLibris Aleph and Metalib products are vulnerable to simple XSS (Cross Site Scripting ... The vulnerability allows an attacker to run commands on the local computer if the attacker convinces the user to view a malicious URL. ...
    (Bugtraq)
  • [NEWS] ICQ Web Portal Multiple Cross Site Scripting Vulnerability
    ... ICQ Web Portal Multiple Cross Site Scripting Vulnerability ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)