RE: Cross-Site Scripting in PlumTree?

From: Ed Moyle (emoyleat_private)
Date: Mon Jan 07 2002 - 05:55:05 PST

Next message: Blue Boar: "[Fwd: Re : Fw: VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAILURE (#5947-000093-7546\939465)]"

Previous message: Curt Wilson: "Re: Possible Yahoo Messenger security issues"
Maybe in reply to: Ed Moyle: "Cross-Site Scripting in PlumTree?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Todd,

	Well, there was a CERT advisory a while back...  http://www.cert.org/advisories/CA-2000-02.html. It has some good information in it.  Plus, many of the web server vendors have advisories about this, which talk about how it works in their particular products.  The Apache one is really thorough.

	BTW, a good resource on who is vulnerable is :  http://www.devitry.com/security.html

-E

-----Original Message-----
From: Oliver, Todd [mailto:ctoat_private]
Sent: Sunday, January 06, 2002 14:19
To: Ed Moyle; vuln-devat_private
Subject: RE: Cross-Site Scripting in PlumTree?


Where could I obtain solid documentation on Cross-Site Scripting
vulnerabilities and how they work and what kind of exposures they
create?

Thanks


Todd

-----Original Message-----
From: Ed Moyle [mailto:emoyleat_private] 
Sent: Friday, January 04, 2002 2:33 PM
To: vuln-devat_private
Subject: Cross-Site Scripting in PlumTree?


Hi.

Anybody know about cross-scripting in PlumTree?  I happened to notice
this while I was at the plumtree-hosted demonstration site
(portal.plumtree.com.)  It appears as if plumtree portal ships by
default some error page (error.asp) that parrots back the message that
appears as part of the request URI.  This error page seems to recieve an
argument that is a textual description of the error that is shown to the
user on the resulting page...

In the below example, <plumtreeserver> should point to the plumtree
server (obviously), and <portalname> should be the directory for the
portal.  For example, you might have a plumtree server called
"portal.domain.dom" and the first directory was called "portal"...  

http://>/<portalname>/common/error.asp?UserID=2&Descripti
on=%3CSCRIPT%20LANGUAGE%3DJAVASCRIPT%3Ealert%28%22Cross-Script%22%29%3B%
3C/script%3e   

(seems to work w/ IE, but is not tested on Netscape.)

Does anybody know if PlumTree has a procedure to fix this posted
somewhere? -E

Next message: Blue Boar: "[Fwd: Re : Fw: VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAILURE (#5947-000093-7546\939465)]"
Previous message: Curt Wilson: "Re: Possible Yahoo Messenger security issues"
Maybe in reply to: Ed Moyle: "Cross-Site Scripting in PlumTree?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jan 07 2002 - 11:02:06 PST