Vulnerability Development mailing list archives

[Fwd: IE gopher cross site scripting]


From: KF <dotslash () snosoft com>
Date: Sun, 16 Jun 2002 23:17:19 -0400

Not sure why but I can't seem to get this message through to the lists...
-KF

--- Begin Message ---
From: "KF" <dotslash () snosoft com>
Date: Mon, 17 Jun 2002 03:38:12 -0700
======================================================================

Strategic Reconnaissance Team Security Advisory (SRT2002-06-16-0314)

Topic  : IE gopher view Cross Site Scripting 
Date   : June 16, 2002
Credit : KF dotslash[at]snosoft.com
Site   : http://www.snosoft.com

======================================================================

.: Description:
---------------

Internet Explorer 5 (and others?) allows cross site scripting in gopher 
view. This is currently the least of your worries with gopher, but it 
may still pose a threat. 

.: Impact:
----------

The usual cross site scripting attack consequences apply here. 
Your script must fit into a finite amount of character space or it 
will be truncated, thus making it fail. 

In order to duplicate this attack I used gn gopherd on my linux box. 
I made a malicious .cache file as shown below in order to exploit 
the browser. 

[root@localhost dir]# cat menu
Name=<script>alert('When can we see the source code bill?')</script>
Path=0/hrmm
Type=0
Host=10.0.1.234
Port=70

[root@localhost dir]# /root/gn-2.25-DEV/mkcache/mkcache
Warning:  Unable to open mime type file:
/path/to/src/mkcache/gn_mime.types
Using defaults.
Writing cache file ./.cache

Next, open the link gopher://10.0.1.234/1
Voila, javascript alert with extra cheese. 

.: Systems Affected:
--------------------

Microsoft based machines with unknown versions of IExplorer.

.: Solution:
------------

Step 1.) Ask your vendor for the source code so that you can make your
own patch. Oh wait that would make you an "open source terrorist".

Step 2.) In the event that step one fails please format your c drive. 

======================================================================

-KF


--- End Message ---
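Added example, not part of the advisory or of gn: a small Python parser for the RFC 1436 directory listing a gopher server such as gn sends for a menu like the one above, rendered once the way an unescaped gopher view does it and once with every server-supplied field treated as untrusted. The listing bytes are constructed for the example and the function names are my own.

```python
import html
from urllib.parse import quote

# Constructed RFC 1436 directory reply, as a gopher server such as gn would
# send it for the advisory's menu file: "<type><display>\t<selector>\t<host>
# \t<port>\r\n" per item, then a lone "."; <display> is attacker-controlled.
CONSTRUCTED_MENU = (
    b"0<script>alert('When can we see the source code bill?')</script>"
    b"\t0/hrmm\t10.0.1.234\t70\r\n"
    b"0README\t0/readme\t10.0.1.234\t70\r\n"
    b"iJust an informational line\tfake\t(NULL)\t0\r\n"
    b".\r\n"
)


def parse_gopher_menu(raw: bytes) -> list:
    """Split a listing into item dicts; lines with too few tab-separated
    fields or a non-numeric port are dropped rather than guessed at."""
    items = []
    for line in raw.decode("latin-1").split("\r\n"):
        if line == ".":  # end-of-listing marker
            break
        fields = line[1:].split("\t")
        if not line or len(fields) < 4 or not fields[3].isdigit():
            continue
        items.append(dict(zip(("display", "selector", "host", "port"),
                              fields), type=line[0]))
    return items


def render_unsafe(items: list) -> str:
    """An unescaped 'gopher view': server text lands in the HTML verbatim."""
    return "\n".join(
        f'<a href="gopher://{i["host"]}:{i["port"]}/{i["type"]}{i["selector"]}">'
        f'{i["display"]}</a>' for i in items)


def render_safe(items: list) -> str:
    """Treat every field as untrusted: HTML-escape text and attribute
    values, percent-encode the selector, and never link info lines."""
    out = []
    for i in items:
        if i["type"] == "i":
            out.append(f"<span>{html.escape(i['display'])}</span>")
            continue
        href = "gopher://{}:{}/{}{}".format(
            html.escape(i["host"], quote=True), i["port"],
            html.escape(i["type"], quote=True), quote(i["selector"], safe="/"))
        out.append(f'<a href="{href}">{html.escape(i["display"])}</a>')
    return "\n".join(out)
```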
