Bugtraq mailing list archives
Apache Server HTML Injection and UTF-7 XSS Vulnerability
From: "lament hero" <lament.hero () gmail com>
Date: Fri, 9 May 2008 02:13:21 +0300
Apache Server HTML Injection and UTF-7 XSS Vulnerability This vulnerability was found by Yaniv Miron and Yossi Yakubov. This vulnerability will allow an attacker to inject an XSS to any Apache server that use the Forbidden 403 default page. After injecting this string: http://www.victim.com/Znl5g3k70ZaBUPYmN5RAGUdkskoprzGI63K4mIj2sqzbX0Kc3Fu7vfthepWhmKvjudPuJTNeK9zw5MaZ1yXJi8RJRRuPe5UahFwOblMXsIPTGh3pVjTLdim3vuTKgdazOG9idQbIjbnpMEco8Zlo5xNRuCoviPx7x7tYYeOgc8HU46gaecJwnHY7f6GlQB8H6kBFhjoIaHE1SQPhU5VReCz1olPh5jZ%3Cfont%20size=50%3EDEFACED%3C!xc+ADw-script+AD4-alert('xss')+ADw-/script+AD4---//-- You will get a Forbidden 403 error message with an XSS alert. This string is combined from HTML Injection and a XSS string coded in UTF-7. This is only a PoC and because of that the browser should be in auto select mode of encoding so it could use the UTF-7 encoding. This attack had been tested on some Apache versions as 2.2.x and 1.3.x and on some versions of FireFox up to version 2.0.0.x and in IE 6 and 7. We leave it to other hackers to upgrade the attack and make it fully automatic. Yaniv Miron aka "Lament".
Current thread:
- Apache Server HTML Injection and UTF-7 XSS Vulnerability lament hero (May 09)
- <Possible follow-ups>
- Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability cxib (May 10)
- Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability yos20053 (May 12)
- Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability cxib (May 12)
- Message not available
- Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability lament hero (May 15)
- Message not available
- Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tom . Donovan (May 15)
- Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Jon Ribbens (May 16)
- Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability yos20053 (May 17)
- Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Paul Szabo (May 19)
- Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability Tim (May 19)
- Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability William A. Rowe, Jr. (May 19)