acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS

From: Matthew Murphy (mattmurphyat_private)
Date: Sat Nov 23 2002 - 19:01:23 PST


Product Information

acFreeProxy (aka "acfp") is an HTTP/1.x proxy for Microsoft Windows
environments.  It offers caching, and several other features, and has a
plug-in format designed for extensibility.  A flaw in the product may allow
attackers to execute content across domains.

Description

The proxy server may generate an error message if given a host that it
cannot reach, or some other exceptional condition.  The error page generated
during this process does not have any input validation, and is vulnerable to
cross-site scripting.  This allows an attacker to inject code as *any site*
the victim can visit, because this problem is in the proxy, and not a
specific site.

Impact

This vulnerability is significantly more dangerous than any site-specific
flaw, as it can be exploited to read content from any domain, instead of the
limited scope of a typical cross-site scripting flaw, where the site that is
flawed is the only site that can be impacted.

Exploit

http://www.hotmail.com:41997/%3CSCRIPT%3Ealert%28document%3EURL%29%3C/SCRIPT%3E/

If a vulnerable proxy is being run, script execution begins.

I've also found bizarre crash behavior within acfp.  When it accesses
www.hotmail.com it crashes for some reason that I have yet to isolate.  I
believe that this may have something to do with empty entities in responses.
Any ideas?
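
The root cause described in the post, a proxy error page that echoes the requested URL into HTML without encoding, is modelled below as an added example (not code from the post or from acFreeProxy). The page layout and function names are assumptions; the only page-specific input is the request URL quoted above.

```python
"""Model of the acfp error-page flaw and its fix (added example, not acfp code)."""
import html
from urllib.parse import urlsplit, unquote

# Constructed sample: the request URL quoted in the advisory, as the proxy sees it.
SAMPLE_URL = ("http://www.hotmail.com:41997/"
              "%3CSCRIPT%3Ealert%28document%3EURL%29%3C/SCRIPT%3E/")


def vulnerable_error_page(request_url: str) -> str:
    """Mirrors the flaw: the unreachable target URL is decoded and echoed verbatim.

    Because the proxy serves this page in place of the requested host's
    response, the browser treats the injected markup as that host's content.
    """
    target = unquote(request_url)
    return ("<html><body><h1>Proxy Error</h1>"
            f"<p>Could not connect to {target}</p></body></html>")


def hardened_error_page(request_url: str) -> str:
    """Fix: HTML-escape every attacker-influenced component before it reaches the page."""
    parts = urlsplit(request_url)
    host = html.escape(parts.hostname or "", quote=True)
    path = html.escape(unquote(parts.path), quote=True)
    where = f"{host}:{parts.port}{path}" if parts.port else f"{host}{path}"
    return ("<html><body><h1>Proxy Error</h1>"
            f"<p>Could not connect to {where}</p></body></html>")


def reflects_raw_markup(page: str) -> bool:
    """Defender's check: does any unescaped tag survive in the rendered error page?

    Only the fixed static tags of the template are expected; anything else
    means attacker-supplied markup was reflected.
    """
    template_tags = {"<html>", "<body>", "<h1>", "</h1>", "<p>", "</p>",
                     "</body>", "</html>"}
    seen = set()
    i = page.find("<")
    while i != -1:
        j = page.find(">", i)
        if j == -1:
            break
        seen.add(page[i:j + 1])
        i = page.find("<", j)
    return not seen <= template_tags
```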
    
This archive was generated by hypermail 2b30 : Mon Nov 25 2002 - 15:17:22 PST