lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000001c85939$affed2e0$0ffc78a0$@de>
Date: Thu, 17 Jan 2008 19:49:27 +0100
From: "Sascha Roeske" <Service@...cha-Roeske.de>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: [FDSA] Notepad Highly Critical
	Cross-Site	Scripting (XSS) Vulnerability

That’s a really funny “security risk”. I don’t agree with you, because
otherwise every editor, which is able to save HTML Files, is a security
problem. So vi, Dreamweaver, emacs… are all unsecure? It is your decision,
to open a HTML file or not. And (if here are some MS guys) please don’t fix
this “issue”, because sometimes, if you haven’t a professional tool at the
moment, the Windows editor can be useful, too.  Also, if you need to edit
some small Scripts.

Yours, 
SR

-----Ursprüngliche Nachricht-----
Von: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] Im Auftrag von Fredrick
Diggle
Gesendet: Donnerstag, 17. Januar 2008 18:44
An: full-disclosure@...ts.grok.org.uk
Betreff: [Full-disclosure] [FDSA] Notepad Highly Critical Cross-Site
Scripting (XSS) Vulnerability

#######################################################################

                             Fredrick Diggle Security Advisory

Application: Notepad
Versions: 5.1.2600.2180 verified to be vulnerable
Platforms: Microsoft Windows (All Versions)
Bugs: Cross Site Scripting (XSS)
Severity: Critically High
Date: 17 Jan 2008
Credit: Estr Hinan

#######################################################################

1) Introduction
2) Bugs
4) Fix

#######################################################################

===============
1) Introduction
===============

Fredrick Diggle Security Services is probably the best application
security researchers on the scene this month. They have identified
several hundred thousand vulnerabilities this week for which Priv8
0dayz have been developed. Fredrick Diggle Security Team periodically
releases several of these vulnerabilities to the community at large
(Pre Vendor Release!!!!). Fred Diggle would like to ensure that you
understand this is 0DAY!!!. The vendors are completely unaware of this
vulnerabilities.

#######################################################################

=======
2) Bug
=======

Notepad is a utility which is built into all current versions of
Microsoft Windows. Notepad contains a highly exploitable stored
cross-site scripting vulnerability when files are saved with the
following extensions:

htm
html

Other extensions may also be vulnerable in your environment depending
on configuration. When arbitrary javascript code is entered into the
notepad text window and saved using one of the vulnerable extensions a
payload file is created. When an innocent user opens this payload file
cross-site scripting occurs.

#######################################################################

=======
3) Proof of Concept
=======

1. Open Notepad
2. Enter the following text
<script>alert("xss");</script>
3. Save file as "exploit.html"
4. double click the payload file

#######################################################################

======
4) Fix
======

Notepad should be rewritten to filter potentially dangerous
characters. Characters can be converted to their html encoded
equivalents.

#######################################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ