Message-ID: <FCAD9F541A8E8A44881527A6792F892C10CDB0@owa.eeye.com>
Date: Wed, 16 Jun 2004 11:29:52 -0700
From: "Drew Copley" <dcopley@...e.com>
To: "Windows NTBugtraq Mailing List" <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>,
<bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com>
Subject: RE: MAGIC XSS INTO THE DNS: coelacanth
> -----Original Message-----
> From: Windows NTBugtraq Mailing List
> [mailto:NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM] On Behalf Of
> http-equiv@...ite.com
> Sent: Tuesday, June 15, 2004 3:00 PM
> To: NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM
> Subject: MAGIC XSS INTO THE DNS: coelacanth
>
> Tuesday, June 15, 2004
>
> The following courtesy of 'bitlance winter' adds an entirely new
> dimension to the matter and also suggests some additional
> peculiarities at play:
>
> <a href='http://"><plaintext>.e-gold.com'>foo</a>
>
> <a href='http://"><script>alert()<%2Fscript>.e-gold.com'>foo</a>
>
> these will inject arbitrary html and script into the site in the
> context of the 'intranet zone', which means one no longer needs
> to go out and set up a site with the dns issue, all one needs to
> do is locate a functioning site, include their code into a
> suitable url, either direct the target via that or place an
> iframe elsewhere pointing to it.
Because the wildcarding is a bit too wild.
For instance, "http://&money.e-gold.com/ " resolves.
And, "http://&money;G-Money&OGbabyOG.e-gold.com/" resolves.
In e-gold's case, they actually take the url line and render
it variously in their dynamic html on their page.
>
> Still unclear how or why this can be interpreted into the site
> or through the browser.
>
> credit: 'bitlance winter'
>
>
> End Call
>
> --
> http://www.malware.com
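A defensive check for the reflection described above, added here as an example and not code from either poster or from e-gold: it assumes an application that echoes the request host into its HTML (a constructed render function), rejects any Host value that is not an RFC 1123 hostname before use, and HTML-escapes whatever it echoes anyway. The sample host values are constructed to mirror the shapes discussed in the thread.

```python
import html
import re

# Constructed sample Host header values (not captured traffic): the first two
# carry markup and entity characters as in the thread, the last two are normal.
SAMPLE_HOSTS = [
    '"><plaintext>.e-gold.com',
    '&money;G-Money&OGbabyOG.e-gold.com',
    'www.e-gold.com',
    'money.e-gold.com',
]

# One RFC 1123 label: letters, digits and hyphens, 1-63 chars,
# no leading or trailing hyphen.
LABEL_RE = re.compile(r'^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$')


def is_valid_hostname(host: str) -> bool:
    """Accept only names whose every label is RFC 1123 clean, total <= 253 chars."""
    host = host.rstrip('.')
    if not host or len(host) > 253:
        return False
    return all(LABEL_RE.fullmatch(label) for label in host.split('.'))


def render_host_banner(host: str, fallback: str = 'www.example.com') -> str:
    """Hypothetical fragment an app emits when it echoes the request host.

    Two independent layers: a wildcard zone makes any string resolve, so the
    name is validated as a DNS hostname before it is trusted; and the value
    that is echoed is HTML-escaped so a future gap in validation still cannot
    inject markup. An invalid host falls back to a configured canonical name.
    """
    shown = host if is_valid_hostname(host) else fallback
    return '<p>You are connected to ' + html.escape(shown, quote=True) + '</p>'


def escape_only(host: str) -> str:
    """The output-encoding layer on its own: escaping neutralises the markup."""
    return html.escape(host, quote=True)


if __name__ == '__main__':
    for h in SAMPLE_HOSTS:
        print(f'{h!r:40} valid={is_valid_hostname(h)} -> {render_host_banner(h)}')
```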
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html