[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers] Re: Cross-Site Scripting of CVS sytem
From: |
office |
Subject: |
[Savannah-hackers] Re: Cross-Site Scripting of CVS sytem |
Date: |
Tue, 26 Mar 2002 19:00:21 +0900 |
Hi,
I found another CSS point in CVSview,
if you access to the URL
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev"><script>alert("hello")</script>
or
http://subversions.gnu.org/cgi-bin/viewcvs/cvs-utils/CVSROOT/?sortby=rev"><script>alert("hello")</script>
the script may run.
I think that not only Internet Exploer but Netscape Navigator are affected
by this new CSS point.
I hope you hurry up to fix this. Otherwise I have to report this to Bugtraq
without fix.
Regards,
--
office
address@hidden
http://www.office.ac/
On Wed, 13 Mar 2002 03:44:39 -0800
Greg Stein <address@hidden> wrote:
> On Wed, Mar 13, 2002 at 01:52:44PM +0900, office wrote:
> > My name is 'office', an Internet user.
> >
> > I have found the vulnerability of cross-site scripting of CVS sytem,
> > so report it.
> >
> > I wrote the report to Greg Stein, but I only received a mail auto
> > replied.
>
> That's me. You just ran into my auto-responder :-)
>
> > And I found your address as the vulnerablity may be on ViewCVS
> > system.
>
> Sure seems that way :-(
>
> > If you access to the URL including script code, like as
> > http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>alert("hello")</script>
>
> Hmm. That didn't do anything on my Mozilla client. I just got a text page
> saying that the cvs root didn't exist. What client are you using? What
> version of ViewCVS were you testing?
>
> >...
> > This vulnerability in the system in CVS and your reaction for this report
> > will
> > be published by me, adequately.
>
> Can modifying the URL actually be used to attack *another* person? If a
> person types in a malicious URL, then it would seem to affect just
> themselves. But if a person can type in something and attack *another*
> person, then this takes on a completely different meaning...
>
> Cheers,
> -g
>
> --
> Greg Stein, http://www.lyra.org/
- [Savannah-hackers] Re: Cross-Site Scripting of CVS sytem,
office <=