RE: Can you exploit this XSS?

From: Scovetta, Michael V (Michael.Scovetta_at_ca.com)
Date: 11/19/03

    Date: Wed, 19 Nov 2003 11:45:54 -0500
    To: "Paul Johnston" <paul@westpoint.ltd.uk>, <vuln-dev@securityfocus.com>, <rich@westpoint.ltd.uk>
    
    

    As I understand XSS, it is only exploitable when user A enters data that
    user B views. XSS is moot when you can only do it to yourself, so screens
    like that (a redirect) are just a convenience for the user. It should
    still be properly cleansed, but I don't see this being a true case of XSS,
    more like JavaScript Injection.

    Michael Scovetta
    Application Developer
    Computer Associates International, Inc.

    -----Original Message-----
    From: Paul Johnston [mailto:paul@westpoint.ltd.uk]
    Sent: Wednesday, November 19, 2003 7:51 AM
    To: vuln-dev@securityfocus.com; rich@westpoint.ltd.uk
    Subject: Can you exploit this XSS?

    Hi,

    While auditing a web app, I've found the site redirects not found pages
    to a login screen. This contains an element like:

    <input type="hidden" name="tageturl" value="XXX">

    Now, the XXX bit is controlled by the user, and it seems the only
    characters escaped are " and & - i.e.
    <script>alert(document.cookie)</script> gets through (hence my tool
    alerted me).

    Can this be exploited for XSS? I can't see how to immediately, but it
    seems possible.

    Paul

    -- 
    Paul Johnston
    Internet Security Specialist
    Westpoint Limited
    Albion Wharf, 19 Albion Street,
    Manchester, M1 5LN
    England
    Tel: +44 (0)161 237 1028
    Fax: +44 (0)161 237 1031
    email: paul@westpoint.ltd.uk
    web: www.westpoint.ltd.uk
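
An added example, not part of either message above: a check of how the escaping described in the thread (only `"` and `&` encoded) behaves in the double-quoted `value` attribute compared with element content, next to a full encoder. It assumes Python's standard-library parser as a stand-in for a browser; the function names and the `<p>` sink are hypothetical.

```python
import html
from html.parser import HTMLParser

# String quoted in the original post; the second value is constructed sample input.
POSTED = "<script>alert(document.cookie)</script>"
CONSTRUCTED = '/account?next="home"&tab=1'

def escape_as_described(value):
    """Escaping as the post describes it: only & and " are encoded."""
    return value.replace("&", "&amp;").replace('"', "&quot;")

def escape_full(value):
    """Standard-library encoder: & < > " ' are all encoded."""
    return html.escape(value, quote=True)

def render_hidden_field(value, escape):
    # Element copied from the post; the value is always double-quoted.
    return '<input type="hidden" name="tageturl" value="%s">' % escape(value)

def render_in_body(value, escape):
    # Hypothetical second sink: the same value echoed as element content.
    return "<p>%s</p>" % escape(value)

class _Tags(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = []

    def handle_starttag(self, tag, attrs):
        self.found.append((tag, dict(attrs)))

def parsed_tags(markup):
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.found

def stays_in_attribute(value, escape):
    """True when the field parses as one <input> whose value round-trips."""
    tags = parsed_tags(render_hidden_field(value, escape))
    return len(tags) == 1 and tags[0][0] == "input" and tags[0][1].get("value") == value

def tag_names(markup):
    return [name for name, _ in parsed_tags(markup)]

if __name__ == "__main__":
    for esc in (escape_as_described, escape_full):
        print(esc.__name__, stays_in_attribute(POSTED, esc),
              tag_names(render_in_body(POSTED, esc)))
```

The attribute check passes for both encoders only because the value is double-quoted and `"` is encoded; the element-content result shows why one encoder per output context, or a full encoder everywhere, is the safer rule.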
    
