Re: CSS, CSS & let me give you some more CSS

From: tmorgan-security@kavi.com
Date: 01/29/02


Date: Tue, 29 Jan 2002 11:30:27 -0800
From: tmorgan-security@kavi.com
To: - phinegeek - <phine@anonymous.to>

Ok, so I am a little confused. My understanding of CSS is that an
attacker is trying to reach a victim through a 3rd party website.
For instance, I post a message to a message board that contains
JavaScript, and it runs on a victim's machine, who viewed that
message.

The reason I am confused is that all of your supposed CSS vulns are
directed at search scripts. Do the queries you are entering get
stored on the website, for later viewing by OTHER users? It doesn't
seem likely. The only person you could exploit would be, well,
yourself.

Maybe I have completely missed the boat on this one, and if so,
please explain how I could attack someone ELSE with these...

Now if you showed me that I could slip SQL into one of these search
boxes, then I would call that a vulnerability...

tim

On Tue, Jan 29, 2002 at 12:31:21AM -0800, - phinegeek - wrote:
> A little while back I posted some info on a CSS bug I found on ebay,
> http://securityfocus.com/archive/82/246275.
> Just about every site (not joking) you go to has this type of vulnerability; it's nothing new. Luckily, CSS vulns are very easy to fix, after they are discovered.
> However, you shouldn't have to wait until your site is prefixed with "Cross Site Scripting" on a Bugtraq posting. These types of errors, as well as many other similar (but less threatening) types, are the product of careless programming practices.
> All you need is a method (call it SecureHTML()) that you run all your input through before it gets displayed back to the user. This method would be used throughout your site in a modularized fashion.
> Isn't this how we should be doing it anyway???
> This simple principle can also be used for input that becomes part of an SQL statement (call it SecureSQL()) to guard against SQL injection.
> Just modularize your code, folks, and make sure all your developers use the methods when dealing with input.
> It's really that simple.
> This is also not new, I guess you could call it prevention?
>
> and here's some fun.. a lot of Security issues =]
>
> Security Focus:
> http://securityfocus.com/
> (copy and paste the text below in the search box just like it is)
> CSS OR "><SCRIPT><!-- ..tsk tsk tsk.. --></SCRIPT>"
>
> Digital Security:
> http://www.eeye.com/html/forms/recommend.html?u=eeye.com/>alert('Digital+Security?');</SCRIPT>
>
> Internet Security:
> http://www.iss.net/search.php?pattern=>alert('Internet+Security?');</script>
>
> Linux Security:
> http://search.linuxsecurity.com/cgi-bin/htsearch?words="><script>alert('Linux+Security?')</script>
>
> Macintosh Security:
> http://www.macintoshsecurity.com/search.php?query="><SCRIPT>alert('Macintosh+Security?')</SCRIPT>
>
> Social Security??:
> http://www.ssa.gov/online/forms.html
> (copy and paste the text below in the search box just like it is)
> Social Security <SCRIPT>alert('Social Security?');</SCRIPT>
>
>
> 'phine
>
> p.s. none of the sites above have been notified.
> If I were to tell them, I would feel guilty and have to tell the others I know about (too many), then I would have to quit my night job.
>
> ------------------------------------------------------------
> This email was sent through the free email service at http://www.anonymous.to/
> To report abuse, please visit our website and click 'Contact Us.'
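
The SecureHTML() idea from the quoted post, as an added example that is not part of either message: a search page that echoes its `query` parameter, first verbatim and then through one shared output encoder. The function names, the page template and the sample query (taken from the search string quoted above, URL-decoded) are assumptions made for illustration.

```javascript
"use strict";

// Characters that can end a text node or a quoted attribute value,
// mapped to their HTML entity forms.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Hypothetical SecureHTML(): encode untrusted text before it is written
// into an HTML text node or a quoted attribute value.
function secureHTML(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before: the query is echoed verbatim into the attribute and the body.
function renderSearchUnsafe(query) {
  return `<input name="query" value="${query}"><p>Results for ${query}</p>`;
}

// After: every echo of the query goes through the one shared encoder.
function renderSearchSafe(query) {
  const q = secureHTML(query);
  return `<input name="query" value="${q}"><p>Results for ${q}</p>`;
}

// Regression check: does the rendered page contain a script element
// that the template itself never writes?
function hasInjectedScript(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: the search string from the post as the
// server sees it after URL decoding.
const SAMPLE_QUERY = `"><SCRIPT>alert('Macintosh Security?')</SCRIPT>`;

function demo() {
  return {
    unsafe: hasInjectedScript(renderSearchUnsafe(SAMPLE_QUERY)),
    safe: hasInjectedScript(renderSearchSafe(SAMPLE_QUERY)),
    encoded: secureHTML(SAMPLE_QUERY),
  };
}

console.log(demo());
```

This encoder covers HTML text and quoted attribute values only; a value written into a script block, a URL or a style rule needs the encoder for that context.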


