Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability

from [Chris Withers] Network Security [Permanent Link]
Subject: Re: STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability
Date: Fri, 26 Nov 2004 09:25:18 +0000 
advisory@stgsecurity.com wrote:

proof of concept

http://[victim]/<img src=javascript:alert('hi')> 

Just to note, this bug only affects ZWiki version after Zwiki 0.10.0rc1.

Also, the fix is pretty trivial, apply the following patch to standard_error_message in all ZWiki folders (and on disk, so you don't have to do it again ;-):

--- standard_error_message.dtml.original        Fri Nov 26 09:17:22 2004
+++ standard_error_message.dtml Fri Nov 26 09:17:55 2004
@@ -29,7 +29,7 @@
   <body>
     <p>
       I could not find any likely page matching
-      "<b><dtml-var "here.urlunquote(searchexpr)"></b>"
+      "<b><dtml-var "here.urlunquote(searchexpr)" html_quote></b>"
     </p>
     <p>
       Click here to

Sadly, I see I broke the bug tracker, 'cos it's also a ZWiki, and has MUCH bigger problems than the above :-S (execution of any DTML in the context of (hopefully!) the user that created it along with a total lack of html quoting in the page :-(

In short, only use ZWiki if you know what you're doing, and preferably only if it's not anonymously accessible...

*sigh*

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  MDKSA-2004:141 - Updated zip packages fix vulnerability, Mandrake Linux Security Team
Next by Date:  RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched], alex cottle
Previous by Thread:  STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability, advisory
Next by Thread:  XSS in Brazilian Insite products, Carlos Ulver
Indexes:  [Date] [Thread] [Top] [All Lists]