lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Jul 2003 09:19:06 +0200 From: "Marc Ruef" <maru@...p.ch> To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com>, <news@...uriteam.com>, <submissions@...ketstormsecurity.org> Subject: [scip_Advisory 2003-01] MSN search results.aspx Cross Site Scripting -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 scip Advisory 2003-01 scip ID 186 Title MSN search results.aspx Cross Site Scripting Affected MSN search results.aspx Found 2003/07/17 12:25 Informed 2003/07/17 16:11 Fixed 2003/07/23 08:57 Published 2003/07/23 Severity critical Remote yes Local yes Class Cross Site Scripting (XSS) Credit Marc Ruef <maru@...p.ch>, scip AG, http://www.scip.ch State Microsoft informed (secure@...rosoft.com) and bug fixed Description MSN search is a link directory moderated by Microsoft. It is possible to inject some scripting with a search query. An attacker could initiate scripting attacks as denial of service attempts or cookie stealing. The script dnserror.aspx is not affected by this cross site scripting vulnerability. Exploit http://search.msn.ch/results.aspx?srch=105&FORM=AS5& q=%3cscript%3ealert('test')%3b%3c%2fscript%3etest (URL is splitted into two parts; it doesn't work anymore) Solution All scripting functions in the webbrowser that are not needed should be deactivated. Check all URLs for unexpected strings (expecially "script") before following them. Some application gateways and intrusion detection systems are able to detect such an attack. Advisory http://www.scip.ch/publikationen/advisories/ 2003-01-msn_search_cross_site_scripting/ scip_advisory_2003-01_msn_search_cross_site_scripting.txt (URL is splitted into three parts) scip VulDB http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=186 (description of the vulnerabilities are in german) Additional Check the "Cross Site Scripting FAQ" by Cgisecurity.com at http://www.cgisecurity.com/articles/xss-faq.shtml -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPx429he5hzJzqVMhEQIlXACfa3MFe/NXzMOqcic/8D5OkW09trIAoO1s P8ucJOnmjVSAgIJNmod5VOkt =qMsi -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists