Re: CSS, CSS & let me give you some more CSS

["M. Burnett" <mb () xato net>]

In the process of translating this French tutorial into English using
babelfish.altavista.com, I noticed that it converted the encoded
characters in the document.  Which brings up another potential source
of cross-site scripting attacks via translation and other online
tools.  Using a variety of techniques, one could formulate a URL that
appears to be coming from altavista.com but in fact is loading a page
loaded with nefarious code from any site.  Similar vulnerabilities
could potentially be found in sites such as HTML validation utilities
or broken link checkers.

I also found several domain name registrars that had whois lookups
that were vulnerable to cross-site scripting.  These in particular
could be serious vulnerabilities as some of these registrars allow
login via cookies.  By sending a properly crafted URL to the right
person, one could potentially hijack another's domain.

Mark Burnett
www.xato.net



On Tue, 29 Jan 2002 23:25:52 +0100, Frog Frog wrote:
> Nice... I just want to say that there is a tutoriel in french about
> cross  site scripting : http://balteam.multimania.com/Tuts/css.txt .
> If you have additions or advices, please send them to me...  Thx :)
>
> > From: "- phinegeek -" <phine () anonymous to> To: vuln
> > -dev () securityfocus com Subject: CSS, CSS & let me give you some
> > more CSS Date: Tue, 29 Jan 2002 00:31:21 -0800
> >
> > A little while back I posted some info on a CSS bug I found on
> > ebay, http://securityfocus.com/archive/82/246275.
> > Just about every site(not joking) you go to has this type of
> > vulnerability,  its nothing new. Luckily, CSS vulns are very easy
> > to fix, after they are  discovered.
> > However, you shouldn't have to wait until your site is prefixed
> > with "Cross  Site Scripting" on a Bugtraq posting. These types of
> > errors, as well as  many other similar(but less threatening) types
> > are the product of careless  programming practices.
> > All you need is a method(call it SecureHTML()) that you run all
> > your input  through, before it gets displayed back to the user.
> > This method would be  used throughout your site in a modularized
> > fashion.
> > Isn't this how we should be doing it anyway???
> > This simple principle can also be used for input that becomes part
> > of an  SQL statement(call it SecureSQL()) to guard against sql
> > injection.
> > Just modularize your code folks and make sure all your developers
> > use the  methods when dealing with input.
> > Its really that simple.
> > This is also not new, I guess you could call it prevention?
> >
> > and heres some fun.. alot of Security issues =]
> >
> > Security Focus: http://securityfocus.com/ (copy and paste the text
> > below in the search box just like it is)
> > CSS OR "><SCRIPT><!-- ..tsk tsk tsk.. --></SCRIPT>"
> >
> > Digital Security:
> > http://www.eeye.com/html/forms/recommend.html?u=eeye.com/<SCRIPT>;al
e

> > rt('Digital+Security?');</SCRIPT>
> >
> > Internet Security:
> > http://www.iss.net/search.php?pattern=<script>alert('Internet+Securi

> > ty?');</script>
> >
> > Linux Security: http://search.linuxsecurity.com/cgi-
> > bin/htsearch?words="><script>alert('Linux+Security?')</script>
> >
> > Macintosh Security:
> > http://www.macintoshsecurity.com/search.php?query=";><SCRIPT&#62;aler
t('M

> > acintosh+Security?')</SCRIPT>
> >
> > Social Security??: http://www.ssa.gov/online/forms.html (copy and
> > paste the text below in the search box just like it is)
> > Social Security <SCRIPT>alert('Social Security?');</SCRIPT>
> >
> >
> > 'phine
> >
> > p.s. none of the sites above have been notified.
> > If I were to tell them, I would feel guilty and have to tell the
> > others I  know about(too many), then I would have to quit my night
> > job.
> >
> > ------------------------------------------------------------
> > This email was sent through the free email service at
> > http://www.anonymous.to/ To report abuse, please visit our website
> > and click 'Contact Us.'
>
>
>
>
> _________________________________________________________________
> MSN Photos est le moyen le plus simple de partager et imprimer vos
> photos :  http://photos.msn.fr/Support/WorldWide.aspx