[<prev] [next>] [day] [month] [year] [list]
Message-ID: <003301c25ce4$3b7027a0$e62d1c41@kc.rr.com>
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: Altavista BabelFish XSS Hole
Babelfish is Altavista's automated translation tool. It is used by the
various "Translate" links on the site and in search results. A malformed
translation can result in cross-site scripting. By requesting a translation
of HTML, it is possible to execute script code as the AltaVista domain.
Initially, this hole presented a unique challenge -- exploiting the
vulnerability so that the JavaScript code would not change, even when
applied across two languages. However, Babelfish creates a textarea with
the supplied data still intact, so exploitation is much easier. By starting
the translation with "</TEXTAREA>", an attacker can cause the original data
to be launched as well.
"The reason the mainstream is thought
of as a stream is because it is
so shallow."
- Author Unknown
Powered by blists - more mailing lists