In the process of translating this French tutorial into English using babelfish.altavista.com, I noticed that it converted the encoded characters in the document. Which brings up another potential source of cross-site scripting attacks via translation and other online tools. Using a variety of techniques, one could formulate a URL that appears to be coming from altavista.com but in fact is loading a page loaded with nefarious code from any site.

Similar vulnerabilities could potentially be found in sites such as HTML validation utilities or broken link checkers.

I also found several domain name registrars that had whois lookups that were vulnerable to cross-site scripting. These in particular could be serious vulnerabilities as some of these registrars allow login via cookies. By sending a properly crafted URL to the right person, one could potentially hijack another's domain.

Mark Burnett
www.xato.net

On Tue, 29 Jan 2002 23:25:52 +0100, Frog Frog wrote:

>Nice... I just want to say that there is a tutorial in French about
>cross site scripting: http://balteam.multimania.com/Tuts/css.txt .
>If you have additions or advice, please send them to me... Thx :)
>
>>From: "- phinegeek -" <phineat_private>
>>To: vuln-devat_private
>>Subject: CSS, CSS & let me give you some more CSS
>>Date: Tue, 29 Jan 2002 00:31:21 -0800
>>
>>A little while back I posted some info on a CSS bug I found on
>>ebay, http://securityfocus.com/archive/82/246275.
>>Just about every site (not joking) you go to has this type of
>>vulnerability, it's nothing new. Luckily, CSS vulns are very easy
>>to fix, after they are discovered.
>>However, you shouldn't have to wait until your site is prefixed
>>with "Cross Site Scripting" on a Bugtraq posting. These types of
>>errors, as well as many other similar (but less threatening) types
>>are the product of careless programming practices.
>>All you need is a method (call it SecureHTML()) that you run all
>>your input through, before it gets displayed back to the user.
>>This method would be used throughout your site in a modularized
>>fashion.
>>Isn't this how we should be doing it anyway???
>>This simple principle can also be used for input that becomes part
>>of an SQL statement (call it SecureSQL()) to guard against SQL
>>injection.
>>Just modularize your code, folks, and make sure all your developers
>>use the methods when dealing with input.
>>It's really that simple.
>>This is also not new, I guess you could call it prevention?
>>
>>and here's some fun.. a lot of Security issues =]
>>
>>Security Focus: http://securityfocus.com/ (copy and paste the text
>>below in the search box just like it is)
>>CSS OR "><SCRIPT><!-- ..tsk tsk tsk.. --></SCRIPT>"
>>
>>Digital Security:
>>http://www.eeye.com/html/forms/recommend.html?u=eeye.com/
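
Added example, not part of the original thread: a minimal Python sketch of the single-module SecureHTML()/SecureSQL() approach the quoted message describes, run against the search-box string quoted above. The names `secure_html`, `secure_url_param`, `render_search_page`, `find_items`, `demo_db` and the `items` table are assumptions; the SQL side uses bound parameters rather than escaping.

```python
import html
import sqlite3
from urllib.parse import quote

# Constructed sample input: the search-box string quoted in the thread.
SEARCH_INPUT = 'CSS OR "><SCRIPT><!-- ..tsk tsk tsk.. --></SCRIPT>"'


def secure_html(value: str) -> str:
    """Encode untrusted text for HTML element content or a quoted attribute."""
    # quote=True also encodes " and ', so the value cannot close an attribute.
    return html.escape(value, quote=True)


def secure_url_param(value: str) -> str:
    """Percent-encode untrusted text for use as a single query-string value."""
    return quote(value, safe="")


def render_search_page(query: str) -> str:
    """Echo the query back in three contexts, each through the shared helpers."""
    return (
        f'<form action="/search"><input name="q" value="{secure_html(query)}"></form>\n'
        f"<p>Results for: {secure_html(query)}</p>\n"
        f'<a href="/search?q={secure_url_param(query)}&amp;page=2">Next</a>'
    )


def find_items(conn: sqlite3.Connection, term: str) -> list:
    """SecureSQL counterpart: bind input as a parameter, never splice it in."""
    cur = conn.execute("SELECT title FROM items WHERE title = ?", (term,))
    return [row[0] for row in cur.fetchall()]


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (title TEXT)")
    conn.executemany("INSERT INTO items VALUES (?)", [("CSS",), ("SQL",)])
    return conn


if __name__ == "__main__":
    print(render_search_page(SEARCH_INPUT))
    conn = demo_db()
    print(find_items(conn, "CSS"))             # one matching row
    print(find_items(conn, "CSS' OR '1'='1"))  # treated as a literal: no rows
```

The encoding is applied at output time and chosen per context (markup versus query string), so the same stored value can be reused safely in each place it is displayed.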