lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 9 Oct 2003 18:04:00 -0500
From: Wayne Schroeder <raz@...wies.net>
To: bipin gautam <visitbipin@...oo.com>
Cc: Full-Disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: Re: !A stupid bug ...that works on mozilla, opera, IE!


I don't know sport... I think you need to double check your "'s and look
again.  Javascript console is just bitching on my mozilla saying that
the alert function isn't finished with a ) correctly.  Check out what
you are doing:

<script> function("string constant" literal javascript code "</script>

now see why it's saying ") .. the ") is outside what it considers a
close script tag -- now you are just back in html document land.  The
last </script> is just plain wrong and will most likely be ignored by
the browser and is just going to confuse any xml/html parser.  I get no
impression that any code is being compiled in a the javascript alert
functions string literal parameter.  

On Thu, Oct 09, 2003 at 11:47:58AM -0700, bipin gautam wrote:
> --[Description]---
> The brouser is letting u compile  some-thing inside
> the alert function. iT DOES looks dip but for an
> advance java script programmer might mean a lot to it.
> Well, its should show it anyways without compiling the
> script tag as it is inside the quotation. but
> surprising, the output is  
> 
> ")
> 
> I have successfully, tried this in latest version of
> opera and  IE 6 and MOZILLA. What do you say???
> 
> 
> ---[BUG]---
> 
> <html>
> <body>
> <p>THIS IS hUNT3R aka:Bipin Gautam</p>
> <script>alert("<script>location.href="http://www.ysgnet.com"</script>")</script>
> </body>
> </html>
> 
> 
> 
> 
> --[Background Information]--
> This bug was originally discovered by hUNT3R,[myself]
> a member of 01 Security Sumbission. The vendor was
> notified via email.
> http://www.ysgnet.com/hn
> 
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product search
> http://shopping.yahoo.com
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ