Re: CSS, CSS & let me give you some more CSS

From: tmorgan-security@kavi.com
Date: 01/29/02


Date: Tue, 29 Jan 2002 12:51:40 -0800
From: tmorgan-security@kavi.com
To: phine@anonymous.to, vuln-dev@securityfocus.com


> Maybe I have completely missed the boat on this one, and if so,
> please explain how I could attack someone ELSE with these...

A friend just explained it to me. I guess I kinda did miss the
boat... I will explain it here so that others who are as confused as I
was can learn from this as well. If my reasoning is flawed, I
would like to hear about it:

The victim has an account on a site which uses cookies for
authentication. An attacker sends them a link (in email, or
otherwise) to that site with JavaScript encoded in the GET of the URL.
This GET string activates the search functionality of the site, thus
causing the JavaScript to be run, which steals the victim's cookie
and sends it back to evilhost.com in another GET.

Of course other scenarios exist, but this is just one example.

Side note:
 On the subject of ethics... I am all for full-disclosure policies.
 However, in many cases, disclosing web application vulnerabilities
 is senseless if the application is only served up by a single
 entity. The whole point in disclosure is so that those running the
 buggy applications can do the footwork and download the applicable
 patches. In the case of custom web applications that run on one
 small set of servers, I don't see how full disclosure PRIOR to a
 fix is needed. If a web application is buggy, and it is only
 running on one site, a fix benefits ALL users immediately.
 Disclosure prior to this only opens the site and its users up for
 attack. Of course if the people running the site refuse to fix it,
 that is another matter...
 
sincerely,
tim
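
[Added example, not part of the original post.] The scenario above depends on the search page echoing the GET parameter into its HTML unencoded. This sketch shows that reflection beside an output-encoded version, plus a session cookie flagged HttpOnly so page script cannot read it. The parameter name "q", the cookie name "session", the host site.example and all sample values are assumptions constructed for illustration.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a link whose "q" parameter carries markup, not a search term.
SAMPLE_LINK = "http://site.example/search?q=%3Cscript%3Eprobe()%3C/script%3E"


def query_term(url):
    """Return the URL-decoded search term from the GET string."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_results_vulnerable(term):
    """Reflects the term as-is: markup in the URL becomes markup in the page."""
    return "<p>No results for " + term + "</p>"


def render_results_escaped(term):
    """Encodes the term for an HTML text context before reflecting it."""
    return "<p>No results for " + html.escape(term, quote=True) + "</p>"


def session_cookie_header(session_id):
    """Build a session cookie that script cannot read and that is sent over TLS only."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    term = query_term(SAMPLE_LINK)
    print("vulnerable:", render_results_vulnerable(term))
    print("escaped:   ", render_results_escaped(term))
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```

Encoding on output removes the injection point itself; the HttpOnly flag only limits what an injected script could read if some other page on the site still reflects input.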


