Vulnerability Development mailing list archives

Re: CSS implication


From: "Arta" <arta () the-group org>
Date: Mon, 18 Mar 2002 09:35:08 -0000

You can also execute arbitrary commands as the user that runs PHP/Apache if
the author of the script does anything like this:

<?php
include $somevariable.".inc";
?>

You could then craft a URL to include a txt file containing PHP code from
another server - then, using popen and exec and system, etc., you can get it
to do just about anything. If a MySQL connection was opened before the above
line you could steal their entire database. There was a bug like this in
PHPNuke a while back.

Harry
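
The hardened counterpart to the include pattern in the message above, as an added example that is not part of the original post or of any project named in it. The names resolve_include and ALLOWED, the file names and the temporary directory are assumptions made for the illustration; the request values are constructed.

```php
<?php
// Added example: hardened counterpart to `include $somevariable.".inc";`.
// resolve_include, ALLOWED and the demo directory are illustrative assumptions.

// Fixed allowlist: request value => file name on disk. User input is only
// ever used as a lookup key, never concatenated into a path.
const ALLOWED = [
    'home'    => 'home.inc',
    'news'    => 'news.inc',
    'contact' => 'contact.inc',
];

// Return the absolute path to include for $requested, or null if the value
// is not on the allowlist, is missing on disk, or resolves outside $baseDir.
function resolve_include($requested, string $baseDir): ?string
{
    // Arrays (?page[]=x) and other non-string input are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED[$requested]);
    // realpath() returns false for missing files; the prefix check guards
    // against a symlinked .inc file pointing outside the include directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($base === false || $path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary include directory holding one real file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.inc', '<?php echo "home page\n";');

// Constructed request values: one valid, the others shaped like bad input.
$samples = ['home', 'http://host.example/remote', '../../etc/passwd', ['home'], 'news'];
foreach ($samples as $value) {
    $path = resolve_include($value, $dir);
    $shown = json_encode($value, JSON_UNESCAPED_SLASHES);
    echo $shown, ' => ', $path === null ? 'rejected' : 'include ' . basename($path), "\n";
    if ($path !== null) {
        include $path; // only reached for allowlisted files that exist on disk
    }
}
unlink($dir . DIRECTORY_SEPARATOR . 'home.inc');
rmdir($dir);
```

Keeping allow_url_include off in php.ini (the default since PHP 5.2) is a second layer, but it does not stop local path traversal, which the allowlist does.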


----- Original Message -----
From: "Matt Priestley" <mpriest () microsoft com>
To: <vuln-dev () securityfocus com>
Sent: Saturday, March 16, 2002 9:47 PM
Subject: RE: CSS implication


Here are some of the things my security team has observed with relation to
cross-site scripting:

* as you said, persistent cookie theft
* "session theft" where you act in the context of a privileged user
* as you said, running script or objects
* SQL injection attacking the back end logic
* likewise, XML injection
* changing page banners or other decorations in deceptive ways
* DoS attacks on the underlying system error logs
* causing a trusted page to display a link to an untrusted page

-----Original Message-----
From: zero [mailto:zeroboy () arrakis es]
Sent: Saturday, March 16, 2002 5:39 AM
To: vuln-dev () securityfocus com
Subject: CSS implication


Hi all,
         I'm working on a CSS paper, and I was wondering, what are the real
implications of a CSS attack? When some site is vuln to a CSS problem,
you're able to execute code on the web. I've thought about the implications
of this. First of all:
         - You can steal cookies from users
         - You can send bogus links faking the original site: i.e.
http://site/vuln.php?query=<script>...(faking vuln.php)...</script>
         - You can download & launch ActiveX (possible to download and
execute trojans?)

Any more dangerous implications?


mailto:zeroboy () arrakis es
http://www.podergeek.com
http://www.citfi.org
**************************************************
"The further backward you look, the further forward you can see" Winston
Churchill
  "To win, there are people who must lose"



