lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030512182659.16940.qmail@www.securityfocus.com>
Date: 12 May 2003 18:26:59 -0000
From: DarkHunter <darkhunter7@...kermail.com>
To: bugtraq@...urityfocus.com
Subject: CSS found in Movable Type




Summary:
Movable Type is a decentralized web-based personal publishing system 
designed to ease maintenance of regularly-updated content. This content 
can consist of, but is not limited to, entries in a weblog or online 
journal, photographs in an online photo gallery, news headlines on a 
newspaper site, or articles in an online magazine.

Details:
Vendor's site: www.movabletype.org

Vulnerable systems:
Movable Type version 2.63 and prior.

Cross Site Scripting Vulnerability found in writing the comments, in the 
Comments section there is sevral textboxs:
Name, Email Address, URL and Comments.
and all the textboxs allow using the javascript codes.
in order to causes a CSS attack on the target site we need to write a 
javascript code in the Name textbox (in some versions u can write the 
javascript code in the other textboxs of the Comments).

Examples:
You can use this javascripts codes:
&lt;script&gt;alert(document.cookie)&lt;/script&gt;
&lt;script&gt;alert("CSS discovered by DarkHunter")&lt;/script&gt;
"DarkHunter>&lt;script&gt;  .. (This code is so bad :) .. it causes disappering 
of all the Comments textboxs and buttons .. in other words every thing 
after this code will disapper).
and of course there are many codes that u can use.


Solution:
Edit the source code to strip malicious characters from Name, Email 
Address, URL and Comments textboxs or escape malicious characters using 
addslashes().
check the vendor's website for new patches.


Additional information:
The information has been provided by DarkHunter.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ