lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000701c39b80$60f34260$83cb2340@dr34r264nwp8rz>
Date: Sun, 26 Oct 2003 01:16:56 -0400
From: "Joshua P. Miller" <jpmiller@....net>
To: <bugtraq@...urityfocus.com>
Subject: New Vulnerability


I would like to submit a vulnerability that I just recently discovered. I
have already contacted the vendor of the software that I discovered the bug
in, but they have not gotten back to me. There are two Code Injection/CSS
vulnerabilities that exist in Guestbook Version 1.51 by Chi Kien Uong
(www.proxy2.de). Although I have not checked, it would not come as a
surprise if prior versions are vulnerable as well.

The first vulnerability arises when HTML is enabled. When a user posts a
message with HTML in it, the tags that are used are not filtered in any way.
Thus, anyone viewing the guestbook is vulnerable to attack (redirection,
cookie stealing, etc.)

The second vulnerability is quite a bit less severe. When a user submits an
e-mail address or a URL, double quotation marks are not filtered. So, if the
first character of the e-mail or URL input is a double quotation mark, all
data after that is appended to the e-mail or URL link. If I were to submit
this:

            " onmouseover="alert(document.cookie)

as my e-mail address or homepage URL, that exact attribute would be added to
the link. Anyone viewing the guestbook could be attacked in several of the
same ways as with the first vulnerability that I described. It is less
severe, though, because they would have to click on or hover over the link
to initiate the attack.

These vulnerabilities were discovered on October 23, 2003.

I would appreciate being informed if this vulnerability gets posted. Thanks!

Joshua P. Miller
jpmiller@....net



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ