[NEWS] Altavista BabelFish XSS Hole
From: support@securiteam.comDate: 09/16/02
- Previous message: support@securiteam.com: "[NT] Microsoft Internet Explorer % Encoding Security Issue (CSS)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Mon, 16 Sep 2002 14:51:37 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Altavista BabelFish XSS Hole
------------------------------------------------------------------------
SUMMARY
Babelfish is Altavista's automated translation tool. It is used by the
various "Translate" links on the site and in search results. A malformed
translation can result in cross-site scripting. By requesting a
translation of HTML, it is possible to execute script code as the
AltaVista domain.
DETAILS
Initially, this hole presented a unique challenge -- exploiting the
vulnerability so that the JavaScript code would not change, even when
applied across two languages. However, Babelfish creates a textarea with
the supplied data still intact, so exploitation is much easier. By
starting the translation with "</TEXTAREA>", an attacker can cause the
original data to be launched as well.
ADDITIONAL INFORMATION
The information has been provided by <mailto:mattmurphy@kc.rr.com>
Matthew Murphy.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NT] Microsoft Internet Explorer % Encoding Security Issue (CSS)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
