People are talking about CSS; yes, still, after many years, it is a
security problem.

Some people say 'what sort of a problem? Yes, you can steal cookies, but
what else?' So how about new ideas.

How about using CSS to exploit vulnerabilities in web sites, with some
degree of anonymity.

Example:
hello.asp takes 1 parameter (name) that is displayed to the screen with no
cleansing.

/hello.asp?name = <iframe src=http://vuln.iis.server/scripts/root.exe?/c+dir></iframe>

I used iframe in the example as it shows something visible on the screen.
But an attacker would need no response from the server, so image tags etc.
are all viable.

Example Scenario.
-----------------
Web board has CSS and also runs vuln IIS.
Attacker posts message with CSS exploit that kills the server.
User comes along, reads message, and user's IP gets logged as killing the
server.

This could even be set to kill a different IIS server.
------------------

Feedback is requested of course, and perhaps somebody will have time and
energy to test further.

How about other exploits?
Custom made .ida overflow code

<iframe src=http://vuln.iis.server/a.ida?XXX....XXX{CUSTOM IDA OVERFLOW CODE}></iframe>

Brett

> -----Original Message-----
> From: E M [mailto:rdnktrkat_private]
> Sent: Saturday, 2 February 2002 08:14
> To: billpat_private; vuln-devat_private
> Subject: Re: CSS, CSS & let me give you some more CSS
>
>
> I think we are getting away from the original topic, CSS and how
> it affects you.
>
> Basically the general agreement is that cookie stealing via
> embedded code is the most dangerous use for CSS and the most common.

This archive was generated by hypermail 2b30 : Fri Feb 01 2002 - 14:26:50 PST
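
Added example, not part of the original message: in the scenario above, the IP address in the target server's log belongs to whoever read the board message, not to whoever posted it. The sketch below groups requests for the paths named in the post by their Referer, so the referring page becomes the lead. The log layout, host names and addresses are constructed, and it assumes the browser sent a Referer header, which it will not always do.

```python
# Added example: triage for requests that a browser was made to send by markup
# injected into another site's page. All log lines below are constructed samples.
from urllib.parse import urlsplit

# Paths named in the post; extend for your own environment.
SUSPECT_MARKERS = ("/scripts/root.exe", ".ida")

# Assumed layout: date time c-ip cs-method cs-uri-stem cs-uri-query cs-host cs(Referer)
SAMPLE_LOG = """\
2002-02-01 14:01:10 192.0.2.10 GET /default.asp - www.example.test -
2002-02-01 14:02:33 192.0.2.44 GET /scripts/root.exe /c+dir www.example.test http://board.example.net/read.asp?msg=17
2002-02-01 14:02:40 192.0.2.45 GET /scripts/root.exe /c+dir www.example.test http://board.example.net/read.asp?msg=17
2002-02-01 14:05:02 198.51.100.7 GET /a.ida XXX www.example.test -
2002-02-01 14:06:00 192.0.2.10 GET /help.asp - www.example.test http://www.example.test/default.asp
"""

def parse(line):
    """Split one log line into a dict; returns None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 8:
        return None
    keys = ("date", "time", "c_ip", "method", "stem", "query", "host", "referer")
    return dict(zip(keys, parts))

def triage(log_text):
    """Group suspect requests by the page that referred them.

    Returns {source: sorted list of client IPs}. Requests with no Referer go
    under "direct", where the logged IP is the best available lead.
    """
    findings = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or not any(m in rec["stem"].lower() for m in SUSPECT_MARKERS):
            continue
        ref = rec["referer"]
        ref_host = urlsplit(ref).hostname if ref != "-" else None
        if ref_host is None:
            key = "direct"
        elif ref_host == rec["host"].lower():
            key = "same-site"
        else:
            key = ref  # third-party page that caused the browser to send this
        findings.setdefault(key, set()).add(rec["c_ip"])
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    for source, ips in triage(SAMPLE_LOG).items():
        print(source, ips)
```

Several unrelated client addresses sharing one third-party Referer points at the referring page as the place to investigate, rather than at the individual visitors.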