|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
ArbitroWeb v0.6 Javascript injection vulnerability
From: Josh Gilmour (joshg
conqwest.com)
Date: Tue Jun 22 2004 - 11:50:26 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
vendor: ArbitroWeb
about: An anonymous web surfing proxy written in PHP. ArbitroWeb will redirect all web requests thru it's set of scripts, all URL's contained will be adjusted/mangled to it's own scripts.
date: june 22nd, 2004
vendor status: ?
problem: javascript can be injected into the /?rawURL= field...
ex: www.server.com/?rawURL=<script>javascript:alert();</script>
popups up a javascript alert...
could be hazardous.... example (alert pops up 100 times):
www.server.com/?rawURL=<script>javascript:for(var i = 0; i < 100; i++) alert();</script>
it filters out the character " by making it \" so having it do various things that you can usually do with javascript injection is a problem... yet this should be fixed nonetheless, and its a possibility the character " has a workaround...
thanks to wehack.com, as i was looking thrugh their site at advisories and came upon this product....
Thanks,
Josh Gilmour
joshg <at> conqwest <dot> com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]