Bugtraq mailing list archives
RE: Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
From: "Cook, Justin S. (Schmidt)" <JSCook () schmidt com>
Date: Tue, 3 Jul 2001 07:47:14 -0500
This same vulnerability seems to be partially evident for CFServer (at least version 4.5). Using the following code:

default.cfm
-----------
<html>
<head>
<title>CFML Cross-site Scripting Vulnerability Testing</title>
<script language="javascript" src="extra.js"></script>
</head>
</html>

extra.js
---------
/* does nothing */
function foo() {
    var bar="foo";
    return bar;
}

If you do a request in your browser for

http://domain/default.cfm/<script>alert(document.domain)

you can see that the JS is at least partially interpreted because it shows up in the IE errors. If viewed in Netscape, you see that there is a syntax error with the first tag (in this case <html>).

IE Error:
Line: 4
Char: 1
Error: Syntax Error
Code: 0
URL: http://domain/default.cfm/<script>alert(document.domain)

NS 4.7 Error:
JavaScript Error: http://domain/default.cfm/extra.js, line 3:
syntax error.
<html>
^

Quite odd results actually. It only seems to work when you call out for an external javascript file.

Justin Cook
Work: jscook () schmidt com
Home: jsc () themes org / jcook () k-lug org
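Added example, not part of the original post: the Netscape error above names http://domain/default.cfm/extra.js as the script URL, and this sketch shows how a browser arrives at that URL from the relative src and how a root-relative src avoids it. It assumes (the post does not say so) that the server runs default.cfm for any path beneath it; `TEMPLATE_EXT`, `templateFor` and `auditScriptSrcs` are hypothetical names.

```javascript
// Added example, not code from the post. "domain" is the post's placeholder host.
// Assumption: any path segment ending in .cfm is executed as a template and
// whatever follows it is passed along as extra path info.
const TEMPLATE_EXT = ".cfm";

// Return the template path the server would run for this URL, or null.
function templateFor(url) {
  const segs = new URL(url).pathname.split("/");
  const i = segs.findIndex((s) => s.toLowerCase().endsWith(TEMPLATE_EXT));
  return i === -1 ? null : segs.slice(0, i + 1).join("/");
}

// Resolve each script src against the requested URL the way a browser does,
// and flag those that land underneath the template: for these the server
// would return the page's HTML where the browser expects JavaScript.
function auditScriptSrcs(requestUrl, srcs) {
  return srcs.map((src) => {
    const resolved = new URL(src, requestUrl);
    const tpl = templateFor(resolved.href);
    return {
      src,
      resolved: resolved.href,
      servedByTemplate: tpl !== null && resolved.pathname !== tpl,
    };
  });
}

// Request URL from the post; the second src is a constructed root-relative variant.
const requested = "http://domain/default.cfm/<script>alert(document.domain)";
for (const r of auditScriptSrcs(requested, ["extra.js", "/extra.js"])) {
  console.log(r.src, "->", r.resolved, r.servedByTemplate ? "(HTML, not JS)" : "(ok)");
}
```
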