| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: mattmurphy at kc.rr.com (Matthew Murphy) Subject: acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS Product Information acFreeProxy (aka "acfp") is an HTTP/1.x proxy for Microsoft Windows environments. It offers caching, and several other features, and has a plug-in format designed for extensibility. A flaw in the product may allow attackers to execute content across domains. Description The proxy server may generate an error message if given a host that it cannot reach, or some other exceptional condition. The error page generated during this process does not have any input validation, and is vulnerable to cross-site scripting. This allows an attacker to inject code as *any site* the victim can visit, because this problem is in the proxy, and not a specific site. Impact This vulnerability is significantly more dangerous than any site-specific flaw, as it can be exploited to read content from any domain, instead of the limited scope of a typical cross-site scripting flaw, where the site that is flawed is the only site that can be impacted. Exploit http://www.hotmail.com:41997/%3CSCRIPT%3Ealert%28document%3EURL%29%3C/SCRIPT %3E/ If a vulnerable proxy is being run, script execution begins. I've also found bizarre crash behavior within acfp. When it accesses www.hotmail.com it crashes for some reason that I have yet to isolate. I believe that this may have something to do with empty entities in responses. Any ideas?
Powered by blists - more mailing lists