Re: Can you exploit this XSS?
From: Paul Johnston (paul_at_westpoint.ltd.uk)
Date: 11/19/03
- Previous message: Paul Johnston: "Re: Can you exploit this XSS?"
- Maybe in reply to: Paul Johnston: "Can you exploit this XSS?"
- Next in thread: Parity: "RE: Can you exploit this XSS?"
Date: Wed, 19 Nov 2003 17:10:56 +0000
To: "Scovetta, Michael V" <Michael.Scovetta@ca.com>
Hi Michael,
What you describe is "persistent XSS" and the worst kind. But the lesser
kind, like I described, is still a vulnerability. If you can persuade a
user to click a malicious link, the malicious javascript will run in
their browser with the privileges of the vulnerable site. Getting
someone to click a link is relatively easy, especially as they may not
have to literally click it, because of iframe, redirects, etc.
Paul
Scovetta, Michael V wrote:
>As I understand XSS, it is only exploitable when user A enters data that
>user B views. XSS is moot when you can only do it to yourself, so screens
>like that (a redirect) are just a convenience for the user. It should
>still be properly cleansed, but I don't see this being a true case of XSS,
>more like JavaScript Injection.
>
>Michael Scovetta
>Application Developer
>Computer Associates International, Inc.
>
>
>-----Original Message-----
>From: Paul Johnston [mailto:paul@westpoint.ltd.uk]
>Sent: Wednesday, November 19, 2003 7:51 AM
>To: vuln-dev@securityfocus.com; rich@westpoint.ltd.uk
>Subject: Can you exploit this XSS?
>
>
>Hi,
>
>While auditing a web app, I've found the site redirects not found pages
>to a login screen. This contains an element like:
>
><input type="hidden" name="tageturl" value="XXX">
>
>Now, the XXX bit is controlled by the user, and it seems the only
>characters escaped are " and & - i.e.
><script>alert(document.cookie)</script> gets through (hence my tool
>alerted me).
>
>Can this be exploited for XSS? I can't see how to immediately, but it
>seems possible.
>
>Paul
>
>
>
--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street, Manchester, M1 5LN England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul@westpoint.ltd.uk
web: www.westpoint.ltd.uk
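An added example, not part of the original thread or of the audited application: a regression check for the hidden field quoted in the original question, comparing the escaping the post describes (only `"` and `&`) with full attribute encoding. The function names are hypothetical; the field template and the sample string are the ones quoted in the post.

```python
import html
from html.parser import HTMLParser

FIELD = '<input type="hidden" name="tageturl" value="{}">'  # field from the post
SAMPLE = "<script>alert(document.cookie)</script>"  # string quoted in the post

def escape_as_described(value):
    """Escaping as the post describes it: only & and " are encoded."""
    return value.replace("&", "&amp;").replace('"', "&quot;")

def escape_attr(value):
    """Full attribute encoding: & < > " ' all become entities."""
    return html.escape(value, quote=True)

class _Tags(HTMLParser):
    """Collects every start tag the parser sees, with decoded attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def audit(rendered, original):
    """Return findings for one rendered field (empty list means clean)."""
    findings = []
    # Serialized attribute value: text between value=" and the final quote.
    start = rendered.index('value="') + len('value="')
    raw = rendered[start:rendered.rindex('"')]
    leftover = sorted(set(raw) & set("<>'\""))
    if leftover:
        findings.append("unencoded markup characters: " + " ".join(leftover))
    parser = _Tags()
    parser.feed(rendered)
    parser.close()
    names = [tag for tag, _ in parser.tags]
    if names != ["input"]:
        findings.append("unexpected tags: %r" % names)
    elif parser.tags[0][1].get("value") != original:
        findings.append("value does not round-trip")
    return findings

def check(value):
    return {name: audit(FIELD.format(fn(value)), value)
            for name, fn in (("as_described", escape_as_described),
                             ("full", escape_attr))}

if __name__ == "__main__":
    for name, findings in check(SAMPLE).items():
        print(name, findings or "clean")
```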