Full Disclosure mailing list archives

[scip_Advisory 2003-01] MSN search results.aspx Cross Site Scripting

From: "Marc Ruef" <maru () scip ch>
Date: Wed, 23 Jul 2003 09:19:06 +0200

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

scip Advisory 2003-01

scip ID     186
Title       MSN search results.aspx Cross Site Scripting
Affected    MSN search results.aspx
Found       2003/07/17 12:25
Informed    2003/07/17 16:11
Fixed       2003/07/23 08:57
Published   2003/07/23
Severity    critical
Remote      yes
Local       yes
Class       Cross Site Scripting (XSS)
Credit      Marc Ruef <maru () scip ch>, scip AG, http://www.scip.ch
State       Microsoft informed (secure () microsoft com) and bug fixed
Description MSN search is a link directory moderated by Microsoft. It is

            possible to inject some scripting with a search query. An
            attacker could initiate scripting attacks as denial of
            service attempts or cookie stealing. The script
dnserror.aspx
            is not affected by this cross site scripting vulnerability. 
Exploit     http://search.msn.ch/results.aspx?srch=105&FORM=AS5&;
            q=%3cscript%3ealert('test')%3b%3c%2fscript%3etest
            (URL is splitted into two parts; it doesn't work anymore)
Solution    All scripting functions in the webbrowser that are not
needed
            should be deactivated. Check all URLs for unexpected strings
            (expecially "script") before following them. Some
application
            gateways and intrusion detection systems are able to detect
            such an attack.
Advisory    http://www.scip.ch/publikationen/advisories/
            2003-01-msn_search_cross_site_scripting/
            scip_advisory_2003-01_msn_search_cross_site_scripting.txt
            (URL is splitted into three parts)
scip VulDB  http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=186
            (description of the vulnerabilities are in german)
Additional  Check the "Cross Site Scripting FAQ" by Cgisecurity.com at
            http://www.cgisecurity.com/articles/xss-faq.shtml

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPx429he5hzJzqVMhEQIlXACfa3MFe/NXzMOqcic/8D5OkW09trIAoO1s
P8ucJOnmjVSAgIJNmod5VOkt
=qMsi
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

[scip_Advisory 2003-01] MSN search results.aspx Cross Site Scripting Marc Ruef (Jul 23)
- Re: [scip_Advisory 2003-01] MSN search results.aspx Cross Site Scripting morning_wood (Jul 23)