Re: CSS, CSS & let me give you some more CSS

From: - phinegeek - (phine@anonymous.to)
Date: 01/29/02


Date: Tue, 29 Jan 2002 12:47:29 -0800
From: "- phinegeek -" <phine@anonymous.to>
To: tmorgan-security@kavi.com


>Ok, so I am a little confused. My understanding of CSS is that an
>attacker is trying to reach a victim through a 3rd party website.
>For instance, I post a message to a message board that contains
>javascript, and it runs on a victim's machine, who viewed that
>message.
>
>The reason I am confused is that, all of your supposed CSS vulns are
>directed at search scripts. Do the queries you are entering get
>stored on the website, for later viewing by OTHER users? It doesn't
>seem likely. The only person you could exploit would be, well,
>yourself.
>
>Maybe I have completely missed the boat on this one, and if so,
>please explain how I could attack someone ELSE with these...

Ah, good question.
I wouldn't have posted it if it couldn't be utilized in such a way. You can exploit these types of CSS vulns by causing your victim to process a specially formatted URL that is from the trusted source (with your code in it). This is somewhat similar to the concept that many virus writers have used to spread their payload via e-mail file attachments (relying on the fact that most people are stupid enough to open them). Of course, you will need to make sure that GET is supported as the HTTP method for the 3rd party site (usually is). Message board CSS vulns are kinda obvious. These types take a little more thought and are also harder to detect because of the fact that there is no evidence (as would be on a message board). However, you might be able to catch this by analyzing your logs. It's really much easier to use proper coding techniques and not have to worry about lame bugs like this. Hope it helps.

'phine
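
The log analysis mentioned in the reply, as an added example that is not part of the original post: because the crafted URL arrives as a GET request, its query string lands in the web server's access log, where markup inside a search parameter can be flagged. The Common Log Format, the `/search.cgi` path, the `q` parameter and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request field of a Common/Combined Log Format line (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Heuristic markers of markup in a parameter value; not exhaustive.
MARKUP_RE = re.compile(
    r"<\s*/?\s*(script|iframe|img|svg|object|embed)\b"
    r"|\bon(error|load|click|mouseover|focus)\s*="
    r"|javascript\s*:",
    re.IGNORECASE,
)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded values are still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for GET parameters that carry markup."""
    m = REQUEST_RE.search(log_line)
    if not m or m.group("method") != "GET":
        return []  # POST bodies do not appear in the access log
    query = urlsplit(m.group("target")).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = fully_decode(value)
        if MARKUP_RE.search(decoded):
            hits.append((name, decoded))
    return hits

# Constructed sample lines (documentation IP range, hypothetical /search.cgi).
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Jan/2002:12:40:01 -0800] "GET /search.cgi?q=firewall+rules HTTP/1.0" 200 5120',
    '203.0.113.9 - - [29/Jan/2002:12:41:17 -0800] "GET /search.cgi?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.0" 200 4312',
    '203.0.113.9 - - [29/Jan/2002:12:42:03 -0800] "GET /search.cgi?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.0" 200 4330',
    '203.0.113.7 - - [29/Jan/2002:12:43:55 -0800] "POST /search.cgi HTTP/1.0" 200 5001',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in suspicious_params(line):
            print(f"{line.split()[0]} param={name!r} value={value!r}")
```

A hit means a request carried markup in a parameter; whether the page echoed it back unescaped still has to be checked against the application itself.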
