[Full-Disclosure] phpReactor - Cross-Site Scripting via STYLE

From: Matthew Murphy (mattmurphyat_private)
Date: Sat Aug 24 2002 - 10:40:25 PDT


    phpReactor has recently been updated to eliminate several known cross-site
    scripting vulnerabilities.  One of these changes was to reduce the tags
    allowed in posts, profiles, etc. down to B, I, and FONT.  However, using the
    "STYLE" attribute, one can still defeat this:
    
    <b style="expression(alert(document.cookie))">
    
    This won't work on all browsers (IE runs it, though).
    
    "The reason the mainstream is thought
    of as a stream is because it is
    so shallow."
                         - Author Unknown
    
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
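
An added example (not part of the original post, and not phpReactor's code, which is PHP): a tag allowlist needs a per-tag attribute allowlist beside it, so STYLE and event-handler attributes are dropped from B, I and FONT instead of passing through. The FONT attribute set, the value pattern and all names here are assumptions.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy: the three tags the post names; only FONT keeps any attributes.
ALLOWED = {"b": set(), "i": set(), "font": {"color", "size", "face"}}
SAFE_VALUE = re.compile(r"[A-Za-z0-9#+\- ,]{1,40}")  # assumed value pattern

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.dropped = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # tag is dropped; its text still arrives escaped via handle_data
        kept = ""
        for name, value in attrs:
            if name in ALLOWED[tag] and value and SAFE_VALUE.fullmatch(value):
                kept += f' {name}="{escape(value, quote=True)}"'
            else:
                self.dropped.append((tag, name))  # e.g. style, onmouseover
        self.open.append(tag)
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag not in self.open:
            return  # stray or disallowed close tag
        while self.open:  # close anything left open inside it, then the tag itself
            inner = self.open.pop()
            self.out.append(f"</{inner}>")
            if inner == tag:
                break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(markup):
    """Return (safe_html, dropped_attributes) for untrusted post/profile markup."""
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    while parser.open:  # balance tags the author never closed
        parser.out.append(f"</{parser.open.pop()}>")
    return "".join(parser.out), parser.dropped

if __name__ == "__main__":
    # Sample input: the markup quoted in the post, plus constructed trailing text.
    html, dropped = sanitize('<b style="expression(alert(document.cookie))">hello')
    print(html)     # <b>hello</b>
    print(dropped)  # [('b', 'style')]
```

The `dropped` list is worth logging: a STYLE or on* attribute arriving on a B tag is a useful signal that someone is probing the filter.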
    


