Todd,

Well, there was a CERT advisory a while back... http://www.cert.org/advisories/CA-2000-02.html. It has some good information in it. Plus, many of the web server vendors have advisories about this, which talk about how it works in their particular products. The Apache one is really thorough.

BTW, a good resource on who is vulnerable is: http://www.devitry.com/security.html

-E

-----Original Message-----
From: Oliver, Todd [mailto:ctoat_private]
Sent: Sunday, January 06, 2002 14:19
To: Ed Moyle; vuln-devat_private
Subject: RE: Cross-Site Scripting in PlumTree?

Where could I obtain solid documentation on Cross-Site Scripting vulnerabilities and how they work and what kind of exposures they create?

Thanks
Todd

-----Original Message-----
From: Ed Moyle [mailto:emoyleat_private]
Sent: Friday, January 04, 2002 2:33 PM
To: vuln-devat_private
Subject: Cross-Site Scripting in PlumTree?

Hi. Anybody know about cross-scripting in PlumTree? I happened to notice this while I was at the plumtree-hosted demonstration site (portal.plumtree.com.) It appears as if plumtree portal ships by default some error page (error.asp) that parrots back the message that appears as part of the request URI. This error page seems to receive an argument that is a textual description of the error that is shown to the user on the resulting page...

In the below example, <plumtreeserver> should point to the plumtree server (obviously), and <portalname> should be the directory for the portal. For example, you might have a plumtree server called "portal.domain.dom" and the first directory was called "portal"...

http://<plumtreeserver>/<portalname>/common/error.asp?UserID=2&Description=%3CSCRIPT%20LANGUAGE%3DJAVASCRIPT%3Ealert%28%22Cross-Script%22%29%3B%3C/script%3e

(seems to work w/ IE, but is not tested on Netscape.)

Does anybody know if PlumTree has a procedure to fix this posted somewhere?

-E
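
Added example, not part of the original thread and not PlumTree's code: a Python model of an error page that echoes its Description parameter, next to the same page with the value HTML-encoded before output. The page template and the function names are assumptions made for illustration; the host, directory and query string are the ones given in the post.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# Constructed request: the post's example host and directory with its query string.
SAMPLE_URL = (
    "http://portal.domain.dom/portal/common/error.asp?UserID=2&Description="
    "%3CSCRIPT%20LANGUAGE%3DJAVASCRIPT%3Ealert%28%22Cross-Script%22%29%3B%3C/script%3e"
)

# Assumed stand-in for the error page; the real error.asp markup is not on the page.
TEMPLATE = "<html><body><h1>Error</h1><p>{message}</p></body></html>"


def description_from(url):
    """Return the URL-decoded Description parameter, or '' if it is absent."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("Description", [""])[0]


def render_error_reflected(url):
    """Behaviour described in the post: the parameter is written out verbatim."""
    return TEMPLATE.format(message=description_from(url))


def render_error_encoded(url):
    """Same page, with the parameter HTML-encoded before it reaches the response."""
    return TEMPLATE.format(message=escape(description_from(url), quote=True))


def contains_script_element(page):
    """True if the rendered page carries a script element."""
    return "<script" in page.lower()


if __name__ == "__main__":
    for render in (render_error_reflected, render_error_encoded):
        page = render(SAMPLE_URL)
        print(render.__name__, "script element present:", contains_script_element(page))
        print(page)
```

With encoding applied, the browser displays the description as text instead of parsing it as markup.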
This archive was generated by hypermail 2b30 : Mon Jan 07 2002 - 11:02:06 PST