Vulnerability Development mailing list archives

RE: Cross-Site Scripting in PlumTree?


From: Ed Moyle <emoyle () scsnet csc com>
Date: Mon, 07 Jan 2002 08:55:05 -0500

Todd,

        Well, there was a CERT advisory a while back...  http://www.cert.org/advisories/CA-2000-02.html. It has some 
good information in it.  Plus, many of the web server vendors have advisories about this, which talk about how it works 
in their particular products.  The Apache one is really thorough.

        BTW, a good resource on who is vulnerable is :  http://www.devitry.com/security.html

-E

-----Original Message-----
From: Oliver, Todd [mailto:cto () intellithought com]
Sent: Sunday, January 06, 2002 14:19
To: Ed Moyle; vuln-dev () securityfocus com
Subject: RE: Cross-Site Scripting in PlumTree?


Where could I obtain solid documentation on Cross-Site Scripting
vulnerabilities and how they work and what kind of exposures they
create?

Thanks


Todd

-----Original Message-----
From: Ed Moyle [mailto:emoyle () scsnet csc com] 
Sent: Friday, January 04, 2002 2:33 PM
To: vuln-dev () securityfocus com
Subject: Cross-Site Scripting in PlumTree?


Hi.

Anybody know about cross-scripting in PlumTree?  I happened to notice
this while I was at the plumtree-hosted demonstration site
(portal.plumtree.com.)  It appears as if plumtree portal ships by
default some error page (error.asp) that parrots back the message that
appears as part of the request URI.  This error page seems to recieve an
argument that is a textual description of the error that is shown to the
user on the resulting page...

In the below example, <plumtreeserver> should point to the plumtree
server (obviously), and <portalname> should be the directory for the
portal.  For example, you might have a plumtree server called
"portal.domain.dom" and the first directory was called "portal"...  

http://<plumtreeserver>/<portalname>/common/error.asp?UserID=2&Description=%3CSCRIPT%20LANGUAGE%3DJAVASCRIPT%3Ealert%28%22Cross-Script%22%29%3B%3C/script%3e

(seems to work w/ IE, but is not tested on Netscape.)

Does anybody know if PlumTree has a procedure to fix this posted
somewhere? -E
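The behaviour described in this message is a reflected cross-site scripting pattern: a server-side error page takes a request parameter and writes it into the HTML response without encoding it. The following is an added illustration, not PlumTree's error.asp and not code from anyone in this thread. It models the page as a small Node.js function, shows the reflecting form next to a form that entity-encodes the parameter for an HTML text context, and includes a simple response check a tester could run. The hostname and path in the sample request are placeholders; the `Description` parameter value is the one quoted above.

```javascript
// Added example (not PlumTree's code): an error page that echoes a request
// parameter into its HTML body, in a reflecting form and a hardened form.
// Runs under Node.js (uses the global URL class).

// Entity-encode the five characters that can break out of an HTML text
// context. This is the correct encoding for text between tags only;
// values placed inside attributes, URLs or inline script need the
// encoding appropriate to that context instead.
function escapeHtml(s) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Extract the Description parameter the way the error page in the thread
// appears to: URL-decoded and otherwise untouched.
function descriptionFromUrl(requestUrl) {
  const value = new URL(requestUrl).searchParams.get('Description');
  return value === null ? '' : value;
}

// Reflecting (vulnerable) rendering: the decoded parameter is concatenated
// straight into markup, so any tags it contains become part of the page.
function renderErrorReflecting(requestUrl) {
  const description = descriptionFromUrl(requestUrl);
  return `<html><body><p>Error: ${description}</p></body></html>`;
}

// Hardened rendering: identical page, but the parameter is entity-encoded
// before it is placed in the HTML text context.
function renderErrorEncoded(requestUrl) {
  const description = escapeHtml(descriptionFromUrl(requestUrl));
  return `<html><body><p>Error: ${description}</p></body></html>`;
}

// Response check: does the rendered page contain a script tag? For a page
// whose template has none, a hit means a request parameter supplied it.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed request modelled on the one quoted in the thread. The host
// and portal directory are placeholders, not real PlumTree values.
const SAMPLE_URL =
  'http://plumtreeserver.example/portal/common/error.asp?UserID=2' +
  '&Description=%3CSCRIPT%20LANGUAGE%3DJAVASCRIPT%3Ealert%28%22Cross-Script%22%29%3B%3C/script%3e';

console.log('reflecting:', renderErrorReflecting(SAMPLE_URL));
console.log('encoded:   ', renderErrorEncoded(SAMPLE_URL));
```

With the sample request the reflecting version emits a live `<SCRIPT>` element inside the page body, while the encoded version emits the same text as `&lt;SCRIPT ...&gt;`, which the browser displays rather than executes. The `containsScriptTag` check is deliberately narrow (it only catches script elements); a fuller regression test would compare the rendered output against the encoded form of the parameter directly.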
