lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <00a501c23ffb$a223edc0$e62d1c41@kc.rr.com>
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: Abcnews.com - XSS in Stories by ZIP Code Feature

Advisory WA-2002-01: Vulnerability in Abcnews.com Stories by ZIP
Code Feature

This is my first advisory in what will more than likely become a series of
similar things on cross-site scripting at major web sites.  When we think
of XSS bugs, we think of typical things, search boxes, guestbooks, etc.

"Stories by ZIP Code" was not on my list. :-)

A vulnerability in the way this is handled at abcnews.com results because
the box is not required to contain all-numerical data, and is allowed
arbitrary
length -- and, returned unfiltered when a search fails.

The example URL here will cause a textarea to display below the box.  Type
in a JS command and double click to see it working:

http://my.abcnews.go.com/localpageMainHandler?input=%22%3E%3CTEXTAREA+STYLE%
3Dheight%3A300px%3B+width%3D300px+ONDBLCLICK%3Deval%28this.value%29%3E%3C%2F
TEXTAREA%3E&input.x=0&input.y=0

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ