XSS in MyProxy 20030629

2004-03-11T00:00:00
ID SECURITYVULNS:DOC:5890
Type securityvulns
Reporter Securityvulns
Modified 2004-03-11T00:00:00

Description

                       Donato Ferrante

Application: MyProxy http://www.dietrich.cx/devel/myproxy/

Version: 20030629

Bug: cross site scripting

Author: Donato Ferrante e-mail: fdonato@autistici.org web: www.autistici.org/fdonato

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

  1. Description
  2. The bug
  3. The code
  4. The fix

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


1. Description:

Vendor's Description:

"MyProxy is a privacy-enhancing personal HTTP 1.1 proxy. Arbitrary URLs can be blocked by regular expression patterns and optionally replaced by transparent GIFs. Cookies can be controlled based on server/domain name. The "Referer", "User-Agent", and "From" HTTP headers can be dealt with in various ways. All user settings are configured through an HTML user interface."

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


2. The bug:

The input strings are not filtered by the proxy server so they will appear in the returned page.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


3. The code:

To test the vulnerability:

http://[host]:8080/<script>alert("Test")</script>

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


4. The fix:

Vendor was contacted. Bug will be fixed in the next version.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx