WebApp Sec mailing list archives
CSS before redirect
From: Stephen de Vries <stephen.devries () dcode net>
Date: Mon, 8 Sep 2003 15:32:49 +0000 (GMT)
Hi all,

I'm looking at an application that seems to be vulnerable to CSS attack, however, the browser keeps following the redirect before running the script.

The request:

    GET /includes?"></a><script>alert('hello')</script> HTTP/1.1

Results in the following response:

    HTTP/1.1 302 Object Moved
    Location: https://somwhereelse.com
    Server: Microsoft-IIS/4.0
    Content-Type: text/html
    Content-Length: 123

    <head><title>Document Moved</title></head>
    <body><h1>Object Moved</h1>This document may be found <a HREF="https://somewhereelse.com/includes/?"></a><script>alert('hello')</script>">here</a>

The CSS injection looks as though it should work, if the browser just displayed that page, but instead it acts on the redirect immediately before displaying the page. This happens in both Mozilla 1.4 and IE 6.

Do you think this represents a security risk?
Do older browsers behave in the same way?
Is it possible to turn this behaviour off?
Does cologne make the man?

cheers,
Stephen
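The response quoted in the message above copies the request's query string into the HREF of the "Object Moved" body without encoding it. The following Python is an added example, not part of the original post and not the application's code: it rebuilds that body the unencoded way and next to it a version that percent-encodes the URL and HTML-escapes the attribute value. The function names and the /includes to /includes/ mapping are assumptions made for the illustration.

```python
import html
from urllib.parse import quote

# Constructed sample input: the request target quoted in the message above.
SAMPLE_TARGET = "/includes?\"></a><script>alert('hello')</script>"
REDIRECT_BASE = "https://somewhereelse.com"  # host as it appears in the quoted body

BODY_TEMPLATE = (
    "<head><title>Document Moved</title></head>\n"
    '<body><h1>Object Moved</h1>This document may be found <a HREF="{href}">here</a>'
)


def split_target(target):
    """Split a request target into (path, query)."""
    path, _, query = target.partition("?")
    return path, query


def redirect_body_unsafe(target):
    """Behaviour seen in the message: the raw query lands inside the HREF."""
    path, query = split_target(target)
    return BODY_TEMPLATE.format(href=f"{REDIRECT_BASE}{path}/?{query}")


def redirect_body_safe(target):
    """Return (location, body) with the reflected input neutralised twice over."""
    path, query = split_target(target)
    # 1. Percent-encode anything that is not a plain URL character, so the
    #    Location header and the link carry no quotes or angle brackets.
    location = f"{REDIRECT_BASE}{quote(path)}/?{quote(query, safe='=&')}"
    # 2. HTML-escape for the attribute context, so a stray '&' or '"' that
    #    survives URL encoding still cannot close the HREF value.
    return location, BODY_TEMPLATE.format(href=html.escape(location, quote=True))


def reflects_raw_markup(body, target):
    """Check for a test suite: is markup from the query echoed verbatim?"""
    _, query = split_target(target)
    return any(c in query for c in '<>"') and query in body


if __name__ == "__main__":
    print(redirect_body_unsafe(SAMPLE_TARGET))
    print(redirect_body_safe(SAMPLE_TARGET)[1])
```

Encoding the body does not depend on whether a given browser renders it before following the redirect, which is the behaviour the message asks about.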
Current thread:
- CSS before redirect Stephen de Vries (Sep 08)
- Re: CSS before redirect Jeremiah Grossman (Sep 08)
- Re: CSS before redirect Marc Slemko (Sep 08)
- RE: CSS before redirect Thomas Schreiber (Sep 09)
- Re: CSS before redirect Jeremiah Grossman (Sep 08)