Full Disclosure mailing list archives
Re: Bad CNN. No cookie for you!
From: dateline () hushmail com
Date: Tue, 18 Nov 2008 09:10:46 -0700
Dear CNN,

Even though you still have not responded directly to me, I want to thank you for responding so quickly to the Full Disclosure exploit. I see that you have removed the entire section titled "CNN.com Extras". This removes the "My recently viewed pages" link that can be used to validate the exploit.

Unfortunately, you still assign the js_memberservices.mrv and js_user_topics cookies when visitors view news reports on your site. The code that you use for updating these cookie values (appending, deleting, etc.) is still vulnerable. Your programmers are not properly quoting user-supplied parameters and not taint-checking for special characters.

The problem is not that CNN.com has (still has) web pages that do not check for hostile user-supplied data. The problem is that CNN.com is accepting user-supplied data for web page and HTTP header generation, without any checks for variable content. A well-crafted cookie value can still p0wn cnn.com.
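Added example, not part of the original post and not CNN's code: one way to treat a "recently viewed" cookie as hostile input before it is used for page and header generation, as the message says is missing. The cookie name recent_pages, the "title:path" entry layout, the limits and all function names are assumptions made for illustration.

```javascript
// Added example. Assumed cookie layout (not from the post): entries joined by
// "|", each entry "encodeURIComponent(title):encodeURIComponent(path)".
const MAX_ENTRIES = 10;
const SAFE_PATH = /^\/[A-Za-z0-9\/._-]{0,200}$/; // site-relative paths only
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Treat the cookie as hostile input: decode, validate, drop whatever fails.
function parseRecentlyViewed(cookieValue) {
  const entries = [];
  for (const raw of String(cookieValue).split('|').slice(0, MAX_ENTRIES)) {
    const parts = raw.split(':');
    if (parts.length !== 2) continue;
    let title, path;
    try {
      title = decodeURIComponent(parts[0]);
      path = decodeURIComponent(parts[1]);
    } catch {
      continue; // malformed percent-encoding
    }
    if (!SAFE_PATH.test(path) || path.includes('//')) continue;
    if (title.length === 0 || title.length > 120) continue;
    if (/[\x00-\x1f\x7f]/.test(title)) continue; // no control characters
    entries.push({ title, path });
  }
  return entries;
}

// Page generation: encode at the point of output, even after validation.
function renderLinks(entries) {
  return entries.map((e) => `<li><a href="${escapeHtml(e.path)}">${escapeHtml(e.title)}</a></li>`).join('');
}

// Header generation: rebuild the value from validated fields only, so no raw
// CR, LF, ";" or "," from the request can reach the Set-Cookie line.
function buildSetCookie(entries) {
  const value = entries.map((e) => `${encodeURIComponent(e.title)}:${encodeURIComponent(e.path)}`).join('|');
  return `recent_pages=${value}; Path=/; SameSite=Lax`;
}

// Constructed sample: two well-formed entries, one with CR/LF in the path, one junk.
const SAMPLE = 'World%20news:%2F2008%2FWORLD%2Fstory.html|%3Cb%3Ebold:%2Fa.html|Bad:%2Fx%0D%0AX-Test%3A%201|junk';
console.log(buildSetCookie(parseRecentlyViewed(SAMPLE)));
```

The cookie is never echoed back as received: both the HTML and the Set-Cookie value are rebuilt from the fields that passed validation.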
Current thread:
- Bad CNN. No cookie for you! dateline (Nov 17)
- <Possible follow-ups>
- Re: Bad CNN. No cookie for you! dateline (Nov 18)