RE: Cross-Site Scripting in PlumTree?

From: Oliver, Todd (ctoat_private)
Date: Sun Jan 06 2002 - 11:18:47 PST

    Where could I obtain solid documentation on Cross-Site Scripting
    vulnerabilities and how they work and what kind of exposures they
    create?
    
    Thanks
    
    
    Todd
    
    -----Original Message-----
    From: Ed Moyle [mailto:emoyleat_private] 
    Sent: Friday, January 04, 2002 2:33 PM
    To: vuln-devat_private
    Subject: Cross-Site Scripting in PlumTree?
    
    
    Hi.
    
    Anybody know about cross-scripting in PlumTree?  I happened to notice
    this while I was at the plumtree-hosted demonstration site
    (portal.plumtree.com.)  It appears as if plumtree portal ships by
    default some error page (error.asp) that parrots back the message that
    appears as part of the request URI.  This error page seems to receive an
    argument that is a textual description of the error that is shown to the
    user on the resulting page...
    
    In the below example, <plumtreeserver> should point to the plumtree
    server (obviously), and <portalname> should be the directory for the
    portal.  For example, you might have a plumtree server called
    "portal.domain.dom" and the first directory was called "portal"...  
    
    http://<plumtreeserver>/<portalname>/common/error.asp?UserID=2&Description=%3CSCRIPT%20LANGUAGE%3DJAVASCRIPT%3Ealert%28%22Cross-Script%22%29%3B%3C/script%3e
    
    (seems to work w/ IE, but is not tested on Netscape.)
    
    Does anybody know if PlumTree has a procedure to fix this posted
    somewhere? -E
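
An added example, not part of the original post and not PlumTree's code: a Python model of an error page that echoes its Description parameter, beside a version that HTML-encodes it and a log-review check for markup in the decoded value. The host name, page template and function names are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed request URI in the shape the post describes; the host and
# portal directory are placeholders, not a real system.
SAMPLE_URI = ("http://portal.example.invalid/portal/common/error.asp?UserID=2"
              "&Description=%3CSCRIPT%20LANGUAGE%3DJAVASCRIPT%3E"
              "alert%28%22Cross-Script%22%29%3B%3C/script%3e")

# Hypothetical page template standing in for the real error page.
TEMPLATE = "<html><body><p>Error: {msg}</p></body></html>"


def description_from(uri):
    """Return the URL-decoded Description parameter, or '' if absent."""
    return parse_qs(urlsplit(uri).query).get("Description", [""])[0]


def render_reflecting(uri):
    """Model of the reported behaviour: the message is echoed verbatim."""
    return TEMPLATE.format(msg=description_from(uri))


def render_encoded(uri):
    """Hardened form: HTML-encode the message before writing it out.

    In classic ASP the equivalent call is Server.HTMLEncode.
    """
    return TEMPLATE.format(msg=html.escape(description_from(uri), quote=True))


def carries_markup(uri):
    """Log-review check: does the decoded message hold HTML metacharacters?"""
    return any(c in description_from(uri) for c in "<>\"'")


if __name__ == "__main__":
    print(render_reflecting(SAMPLE_URI))   # script element reaches the page
    print(render_encoded(SAMPLE_URI))      # same text, shown as inert characters
    print(carries_markup(SAMPLE_URI))
```
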
    



    This archive was generated by hypermail 2b30 : Sun Jan 06 2002 - 12:05:48 PST