From: Security Coordinator (securityaptusventures.com)
Date: Mon May 13 2002 - 09:53:18 CDT


    On Sunday 12 May 2002 12:43, Shields, Larry wrote:
    > The XSS (cross site scripting) related attack using ; is usually
    > combined with the ( and ) characters, and can lead to an exploit when the
    > variable that contains these characters is used inside of already existing
    > <script> tags on the page. When the variable is sent back to the browser
    > the ; will break off the current line of what was being done in the script
    > and access to the ( and ) make it easy to access whatever Javascript
    > functions you need to invoke for your attack to work.

    True, I didn't consider CSS in my posting. Outputting javascript is always a
    source of problems.

    >
    > -Larry Shields
    >
    > -----Original Message-----
    > From: Security Coordinator [mailto:securityaptusventures.com]
    > Sent: Sunday, May 12, 2002 12:14 PM
    > To: Faustin Baron; webappsecsecurityfocus.com
    > Subject: Re: Cross Site Scripting
    >
    > On Friday 10 May 2002 23:11, Faustin Baron wrote:
    > > Does anyone know how vulnerable I am leaving my webserver
    > > if I allow the use of a semi-colon in a URL. I am not
    > > allowing other characters that could be used in CSS such as
    > > <,>,&,etc.. Any information would be greatly appreciated.
    > >
    > > FB
    >
    > It really depends on the context. If you have a semi-colon in some input
    > that gets passed to a shell, it could be deadly. I've seen more than one
    > poorly written webapp with something like:
    >
    > my $dir = $cgi->param('dir');
    > my $listing = `ls $dir`; # backticks.
    >
    > Naturally there are a dozen bad things going on in those 2 lines of code...
    > It just illustrates the point. I don't think it's so much a matter of asking
    > "what characters are bad" as it is asking "what practices are vulnerable".
    >
    > Run under taint mode and see what perl complains about. Always useful.
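
The hardened counterpart of the two-line snippet quoted above, as an added example that is not part of the original thread. It assumes the same CGI.pm parameter name `dir` and an assumed base directory `/var/www/listings`, and shows the two points the reply makes: launder the input under taint mode with an explicit allowlist, and keep the shell out of the picture so a `;` can only ever be part of a file name.

```perl
#!/usr/bin/perl -T
# -T enables taint mode: anything derived from user input (CGI params,
# %ENV, STDIN) is "tainted" and perl refuses to hand it to a shell,
# system(), exec() or a pipe open until it has been laundered.
use strict;
use warnings;
use CGI;

# Taint mode also insists on a trusted PATH before any external command runs.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $cgi = CGI->new;

# 1. Launder the parameter with an allowlist. In taint mode a regex capture
#    is the sanctioned way to mark data as trusted, so keep the allowlist
#    narrow: one path component, no '/', no '.' or '..', and none of the
#    shell metacharacters discussed in the thread (';', '(', ')', '|', '`').
sub safe_dir_name {
    my ($raw) = @_;
    return undef unless defined $raw && length $raw <= 64;
    if ($raw =~ /\A([A-Za-z0-9_.-]+)\z/) {
        my $name = $1;                      # $name is now untainted
        return $name unless $name eq '.' || $name eq '..';
    }
    return undef;                           # anything else is rejected
}

my $dir = safe_dir_name(scalar $cgi->param('dir'));
unless (defined $dir) {
    print $cgi->header(-status => '400 Bad Request');
    print "invalid dir parameter\n";
    exit 0;
}

# 2. Do not involve a shell at all. The list form of open() execs the
#    program directly with an argv, so no shell ever sees $dir and ';'
#    cannot start a second command. (Backticks and one-arg open/system
#    go through /bin/sh whenever the string contains metacharacters.)
my $base = '/var/www/listings';   # assumed base directory for the example
open(my $ls, '-|', '/bin/ls', '--', "$base/$dir")
    or die "cannot run ls: $!";
my @listing = <$ls>;
close $ls;

print $cgi->header('text/plain');
print @listing;
```

Running the original backtick version under `perl -T` fails with "Insecure dependency in backtick" until the value is laundered, which is the complaint the reply suggests listening to.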