RE: what does this allow ?

[Vince Hoffman <Vince.Hoffman () uk circle com>]

Thanks to all who replied.
I'll be having a few words with our developers.
There is no login area or sensitive data but I understand how it could be
abused a bit more now.
Vince

> -----Original Message-----
> From: Kevin Spett [mailto:kspett () spidynamics com]
> Sent: 19 June 2003 14:35
> To: Vince Hoffman; webappsec () securityfocus com
> Subject: Re: what does this allow ?
>
>
> Cross-site scripting vulnerabilities are indeed real and should be
> addressed.  If you'd like to know more about how they work 
> and how they can
> be used by an attacker to gain unauthorized access to a 
> system, consider the
> following resources:
>
> SPI Dynamics XSS Whitepaper:
> http://www.spidynamics.com/whitepapers/SPIcross-sitescripting.pdf
> CGISecurity XSS Faq: http://www.cgisecurity.com/articles/xss-faq.shtml
> Apache XSS Info: http://httpd.apache.org/info/css-security/
>
>
>
> Kevin Spett
> SPI Labs
> http://www.spidynamics.com/
>
> ----- Original Message ----- 
> From: "Vince Hoffman" <Vince.Hoffman () uk circle com>
> To: <webappsec () securityfocus com>
> Sent: Thursday, June 19, 2003 5:20 AM
> Subject: what does this allow ?
>
>
> > Hi all,
> > I was running a routine nessus scan on some servers i administrate
> > and one of them gave me a warning of
> >
> > The following requests seem to allow the reading of
> > sensitive files or XSS. You should manually try them to see 
> if anything
> bad
> > happens :
> > /default.asp?gateway=<script>alert('foo')</script>
> >
> > I tried that and it worked, I forwarded it to a developer 
> for that machine
> > and he didnt seem worried by it. Should he be ?
> > A bit vague i know but webapps arent realy my forte.
> >
> > Thanks,
> > Vince