lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040325235713.GA27335@steve.org.uk>
Date: Thu, 25 Mar 2004 23:57:13 +0000
From: Steve Kemp <steve@...ve.org.uk>
To: bugtraq@...urityfocus.com
Subject: freshmeat.net: XSS Attack due to improper comment filtering.



 
Freshmeat Comment Filtering Error
---------------------------------

  Freshmeat is a community driven website which serves as an index
 of free software projects.

  Each of the listed projects contains links to a website, download
 locations and other relevent information.
 
  The site is updated several times a day to include recent releases.


The Vulnerability
-----------------

  Each project page contains a collection of links and information 
 about it, as well as the ability for visitors to leave comments.

  Two forms of comments are allowed plain text, or HTML text.

  The attributes of the HTML are inadequately sanitized, allowing a 
 malicious commentor to create links which would execute arbitary
 Javascript.

  The following is an example of such a malicious link:
    
   <a href="http://foo.com/" onMouseOver="alert(1);">foo.com</a>


Impact
------

  The site uses a session ID stored in a cookie to keep track of a
 users state.  If a user is logged in and clicks upon a link, (or
 moves over it depending on the code), then they could have their
 login credentials stolen.

	
The Fix
-------

  The site admins were informed of the details of the attack and had
 the problem patched 9 hours later.


Timeline
--------

  Site admins informed:  Thu, 25 Mar 2004 04:39:06 -0800 (PST)
  Site Fixed:            Thu, 25 Mar 2004 04:39:06 -0800 (PST)


Links
-----

  Online version of this text:

        http://www.steve.org.uk/Hacks/Freshmeat.html



Steve
--
# Debian Security Audit Project
http://www.shellcode.org/Audit/



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ