lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <FCAD9F541A8E8A44881527A6792F892C10CDB0@owa.eeye.com>
From: dcopley at eEye.com (Drew Copley)
Subject: RE: MAGIC XSS INTO THE DNS: coelacanth

 

> -----Original Message-----
> From: Windows NTBugtraq Mailing List 
> [mailto:NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM] On Behalf Of 
> http-equiv@...ite.com
> Sent: Tuesday, June 15, 2004 3:00 PM
> To: NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM
> Subject: MAGIC XSS INTO THE DNS: coelacanth
> 
> Tuesday, June 15, 2004
> 
> The following courtesy of 'bitlance winter' adds an entirely new
> dimension to the matter and also suggest some additional
> peculiarities at play:
> 
> <a href='http://&quot;&gt;&lt;plaintext&gt;.e-gold.com'>foo</a>
> 
> <a href='http://&quot;&gt;&lt;script&gt;alert()&lt;%
> 2Fscript&gt;.e-gold.com'>foo</a>
> 
> these will inject arbitrary html and script into the site in the
> context of the 'intranet zone', which means one no longer needs
> to go out and setup a site with the dns issue, all one needs to
> do is locate a functioning site, include their code into a
> suitable url, either direct the target via that or place an
> iframe elsewhere pointing to it.

Because the wildcarding is a bit too wild.

For instance, "http://&money.e-gold.com/ " resolves.

And, "http://&money;G-Money&OGbabyOG.e-gold.com/" resolves.

In e-gold's case, they actually take the url line and render
it variously in their dynamic html on their page.



> 
> Still unclear how or why this can be interpreted into the site
> or through the browser.
> 
> credit: 'bitlance winter'
> 
> 
> End Call
> 
> --
> http://www.malware.com
> 
> -----
> NTBugtraq Editor's Note:
> 
> Want to reply to the person who sent this message? This list 
> is configured such that just hitting reply is going to result 
> in the message coming to the list, not to the individual who 
> sent the message. This was done to help reduce the number of 
> Out of Office messages posters received. So if you want to 
> send a reply just to the poster, you''ll have to copy their 
> email address out of the message and place it in your TO: field.
> -----
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ