Full Disclosure mailing list archives

Re: XSS vulnerabilities via errors at requests to DB


From: "MustLive" <mustlive () websecurity com ua>
Date: Wed, 6 Jan 2010 02:54:53 +0200

Hello Michal!

First of all, Happy New Year.

And thank you for paying attention to my small article about my research.

> Thank you for this excellent research!

You are welcome.

In this case I was talking not about something new for the security community
(security professionals have to deal with XSS via SQL errors many times),
but about the most common places of XSS holes, such as XSS in search engines
(local and global), XSS at 404 error pages and XSS via errors at requests to
DB (in the last article). As I already wrote to Michele
(http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072123.html),
with my research and articles, and also during live speeches with web
developers, I'm trying to inform them about the risks of XSS holes in common
places of XSS.

> Given your contributions in this area, I was hoping you could offer me
> some advice:

I see you have a sense of humor. But I give you advice (which you asked me for):
irony is not the best type of humor, so next time try another type of humor ;-).
Because Google, without doubt, has a sense of humor
(http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072111.html).
As I said before, in this article I wrote not about new classes of XSS holes
or attacks, but about the most common places of XSS. I.e. I'm showing examples
of bad practices to force web developers to make more secure web sites.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: "Michal Zalewski" <lcamtuf () coredump cx>
To: "MustLive" <mustlive () websecurity com ua>
Cc: <full-disclosure () lists grok org uk>
Sent: Saturday, December 19, 2009 9:19 PM
Subject: Re: [Full-disclosure] XSS vulnerabilities via errors at requests to
DB


Dear MustLive,

> Earlier I wrote already about XSS vulnerabilities at 404 pages
> (http://lists.grok.org.uk/pipermail/full-disclosure/2009-November/071664.html).
> And already at 2008 I planned to tell about one interesting and widespread
> vector of XSS attacks - it's the attacks via errors at requests to DB.

Thank you for this excellent research!

Given your contributions in this area, I was hoping you could offer me
some advice: I recently stumbled upon an XSS flaw on a page with
vaguely turquoise background. I am not sure whether to classify this
as a separate class of a web vulnerability, or merely a novel
extension of well-established XSS attacks against sky blue targets?

Sincerely,
/mz
