From: Security Coordinator (securityaptusventures.com)
Date: Mon May 13 2002 - 09:53:18 CDT
On Sunday 12 May 2002 12:43, Shields, Larry wrote:
> The XSS (cross site scripting) related attack using ; is usually
> combined with the ( and ) characters, and can lead to an exploit when the
> variable that contains these characters is used inside of already existing
> <script> tags on the page. When the variable is sent back to the browser
> the ; will break off the current line of what was being done in the script
> functions you need to invoke for your attack to work.
source of problems.
> -Larry Shields
> -----Original Message-----
> From: Security Coordinator [mailto:securityaptusventures.com]
> Sent: Sunday, May 12, 2002 12:14 PM
> To: Faustin Baron; webappsecsecurityfocus.com
> Subject: Re: Cross Site Scripting
> On Friday 10 May 2002 23:11, Faustin Baron wrote:
> > Does anyone know how vulnerable I am leaving my webserver
> > if I allow the use of a semi-colon in a URL. I am not
> > allowing other characters that could be used in CSS such as
> > <,>,&,etc.. Any information would be greatly appreciated.
> > FB
> It really depends on the context. If you have a semi-colon in some input that
> gets passed to a shell, it could be deadly. I've seen more than one poorly
> written webapp with something like:
> my $dir = $cgi->param('dir');
> my $listing = `ls $dir`; # backticks.
> Naturally there are a dozen bad things going on in those 2 lines of code...
> It just illustrates the point. I don't think it's so much a matter of asking
> "what characters are bad" as it is asking "what practices are vulnerable".
> Run under taint mode and see what perl complains about. Always useful.
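
The two-line `ls $dir` snippet quoted above, rewritten to run under taint mode, as an added example that is not code from any poster in this thread. The helper names `safe_dir` and `list_dir`, the allowlist pattern and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T listdir.pl [dir ...]   (-T must also be on the command line)
use strict;
use warnings;

# Taint mode refuses to run external programs until PATH is known-safe.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Allowlist check (assumed policy): relative paths built from letters, digits,
# '_', '.', '-' and '/'. A leading '-' is refused so the value cannot be read
# as an option by ls, and '..' components are refused.
# Returns the untainted value, or undef when the input is rejected.
sub safe_dir {
    my ($raw) = @_;
    return unless defined $raw;
    return unless $raw =~ m{\A([A-Za-z0-9_.][A-Za-z0-9_./-]{0,254})\z};
    my $dir = $1;    # a regex capture is how Perl untaints data
    return if grep { $_ eq '..' } split m{/}, $dir;
    return $dir;
}

# List-form pipe open: ls is exec'd directly and no shell parses the argument,
# so ';' has no meaning as a command separator here. With backticks, the same
# string would be handed to /bin/sh for interpretation.
sub list_dir {
    my ($dir) = @_;
    open(my $fh, '-|', 'ls', '--', $dir) or die "cannot run ls: $!";
    my @entries = <$fh>;
    close $fh;
    chomp @entries;
    return @entries;
}

# Constructed sample inputs standing in for $cgi->param('dir'); values given
# on the command line are used instead and arrive tainted.
my @inputs = @ARGV ? @ARGV : ('.', '.; id', '$(id)', '../etc', '-la');

for my $input (@inputs) {
    my $dir = safe_dir($input);
    if (defined $dir) {
        printf "%-8s accepted, %d entries\n", $input, scalar(list_dir($dir));
    } else {
        printf "%-8s rejected\n", $input;
    }
}
```

If the `safe_dir` call is removed and a command-line argument is passed straight to `list_dir`, taint mode stops the script with an "Insecure dependency" error, which is the complaint the reply suggests looking for.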