-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 scip Advisory 2003-01 scip ID 186 Title MSN search results.aspx Cross Site Scripting Affected MSN search results.aspx Found 2003/07/17 12:25 Informed 2003/07/17 16:11 Fixed 2003/07/23 08:57 Published 2003/07/23 Severity critical Remote yes Local yes Class Cross Site Scripting (XSS) Credit Marc Ruef <maruat_private>, scip AG, http://www.scip.ch State Microsoft informed (secureat_private) and bug fixed Description MSN search is a link directory moderated by Microsoft. It is possible to inject some scripting with a search query. An attacker could initiate scripting attacks as denial of service attempts or cookie stealing. The script dnserror.aspx is not affected by this cross site scripting vulnerability. Exploit http://search.msn.ch/results.aspx?srch=105&FORM=AS5& q=%3cscript%3ealert('test')%3b%3c%2fscript%3etest (URL is splitted into two parts; it doesn't work anymore) Solution All scripting functions in the webbrowser that are not needed should be deactivated. Check all URLs for unexpected strings (expecially "script") before following them. Some application gateways and intrusion detection systems are able to detect such an attack. Advisory http://www.scip.ch/publikationen/advisories/ 2003-01-msn_search_cross_site_scripting/ scip_advisory_2003-01_msn_search_cross_site_scripting.txt (URL is splitted into three parts) scip VulDB http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=186 (description of the vulnerabilities are in german) Additional Check the "Cross Site Scripting FAQ" by Cgisecurity.com at http://www.cgisecurity.com/articles/xss-faq.shtml -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPx429he5hzJzqVMhEQIlXACfa3MFe/NXzMOqcic/8D5OkW09trIAoO1s P8ucJOnmjVSAgIJNmod5VOkt =qMsi -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Wed Jul 23 2003 - 00:51:10 PDT