Cross Site Scripting Advisory.

From: uk2secat_private-ip.com
Date: Wed Feb 12 2003 - 01:52:54 PST


    -- MODERATOR --
    Edited accordingly, Identified 3 possible vendors.
    -- /MODERATOR --
    
    
    uk2sec Cross Site Scripting Advisory
    by c0w_d0g3
    
    uk2secat_private-ip.com
    
    
    Many websites run a 'site search' tool on their webpage with a URL
    that looks like this:
    
    /search/index.cfm
    
    I am having trouble locating a specific vendor, but according to Windows
    the possible applications that may run it are:
    
      .CFM  Corel FontMaster
            Cold Fusion Template File
            Visual dBASE Windows Customer Form
    
    Furthermore, 100% of the systems we have tested are running IIS/4.0 or
    IIS/5.0.
    
    A quick search on Google returns about 165,000 hits for the search tool.
    
    To connect directly to the search tool, it's usually:
    
    http://www.example.com/search/index.cfm 
    
    
    There are several ways to demo the Cross Site Scripting problem.
    
    The first is to connect directly to the /search/index.cfm page and in the
    search box type:
    
    <script>alert("uk2sec")</script>
    
    And that works.
    
    
    Sometimes, however, you need to change this slightly to:
    
    http://www.example.com/search/index.cfm?>alert("uk2sec")</script>
    
    And connect...  (it will still give you the same page)
    
    And then in the search box (there may be more than one box for detailed
    searches, but just fire it into any) type:
    
    <script>alert("uk2sec")</script>
    
    Press enter to search, and it'll work.
    
    
    This was tested on multiple browsers as well (Mozilla, IE, Konqueror).
    
    Live examples are not allowed on this list; however, it's not hard to find
    somewhere to test it.
    
    Points to consider: sometimes the JavaScript in the URL you request must
    be the same script as the one you put in the search box (or that's just
    what we found on one site we tested).
    
    
    Regards,
    
    c0w_d0g3
    uk2sec
    
    
    c0w_d0g3at_private
    
    Members:
    
    c0w_d0g3, deadbeat.
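As an added example that is not part of the original advisory, the Python below shows the reflected search page in its vulnerable form beside the HTML-encoded form, and a simple check that flags the payload pattern in web-server log lines for /search/index.cfm. The handler functions, the log field layout and the sample log lines are constructed for illustration and are not from any real vendor's code.

```python
import html
import re
from urllib.parse import unquote_plus

# Vulnerable pattern: the search term is echoed into the page unchanged,
# so a term such as <script>alert("uk2sec")</script> runs in the browser.
def render_results_vulnerable(term: str) -> str:
    return f"<h2>Results for: {term}</h2>"

# Hardened pattern: HTML-encode the term before it lands in the markup
# (the equivalent of ColdFusion's HTMLEditFormat() on the echoed value).
def render_results_escaped(term: str) -> str:
    return f"<h2>Results for: {html.escape(term, quote=True)}</h2>"

# Matches an opening or closing script tag or a javascript: URL scheme,
# after the query string has been URL-decoded.
SCRIPT_RE = re.compile(r"<\s*/?\s*script\b|javascript:", re.IGNORECASE)

# Detection over a W3C-style log line; the field layout is an assumption:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
def flag_search_xss(log_line: str):
    parts = log_line.split()
    if len(parts) < 7 or parts[4].lower() != "/search/index.cfm":
        return None
    query = unquote_plus(parts[5])
    if SCRIPT_RE.search(query):
        return {"client": parts[2], "query": query}
    return None

# Constructed sample log lines for the check (not real traffic)
SAMPLE_LOG = [
    "2003-02-12 01:52:54 192.0.2.10 GET /search/index.cfm q=coldfusion 200",
    "2003-02-12 01:53:01 192.0.2.10 GET /search/index.cfm "
    "q=%3Cscript%3Ealert%28%22uk2sec%22%29%3C%2Fscript%3E 200",
    "2003-02-12 01:53:05 192.0.2.11 GET /index.cfm %3Cscript%3E 200",
]

if __name__ == "__main__":
    payload = '<script>alert("uk2sec")</script>'
    print(render_results_vulnerable(payload))
    print(render_results_escaped(payload))
    for line in SAMPLE_LOG:
        hit = flag_search_xss(line)
        if hit:
            print("possible reflected XSS attempt:", hit)
```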
    



    This archive was generated by hypermail 2b30 : Wed Feb 12 2003 - 15:28:40 PST