Full Disclosure mailing list archives
Re: Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387)
From: "Ven Ted" <v3nt3d () googlemail com>
Date: Tue, 22 Apr 2008 12:09:52 +0100
v3nt3d is happy to accept these first two entries to "Tuesday" (A new and innovative day brought to you by v3nt3d) - If you want a real chance to win you may have to try to be more obnoxious (Releasing an XSS under creative commons is a good start though). n3td3v, v3nt3d likes your entry, but knows you can do much better... On Tue, Apr 22, 2008 at 12:01 PM, n3td3v <xploitable () gmail com> wrote:
On Tue, Apr 22, 2008 at 11:25 AM, Hanno Böck <hanno () hboeck de> wrote:Two smaller issues in s9y, published here: http://int21.de/cve/CVE-2008-1386-s9y.html http://int21.de/cve/CVE-2008-1387-s9y.html Cross Site Scripting (XSS) in serendipity 1.3 referrer plugin,CVE-2008-1385References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1385 http://www.s9y.org/ Description In the referrer plugin of the blog application serendipity, the referrer string is not escaped, thus leading to a permanent XSS. Example One can inject malicious javascript code with: wget --referer='http://<hr onMouseOver="alert(7)">' http://someblog.com/ Workaround/Fix If you are using the referrer plugin, upgrade to 1.3.1. Disclosure Timeline 2008-03-18 Vendor contacted 2008-03-18 Vendor answered 2008-03-18 Vendor fixed issue in trunk/branch revision 2008-04-22 Vendor released 1.3.1 2008-04-22 Advisory published CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned thenameCVE-2008-1385 to this issue. This is a candidate for inclusion in theCVElist (http://cve.mitre.org/), which standardizes names for securityproblems.Credits and copyright This vulnerability was discovered by Hanno Boeck of schokokeks.orgwebhosting. It's licensed under the creative commons attribution license. Hanno Boeck, 2008-04-xx, http://www.hboeck.de Cross Site Scripting (XSS) in serendipity 1.3 installer, CVE-2008-1386 References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1386 http://www.s9y.org/ Description The installer of serendipity 1.3 has various Cross Site Scriptingissues. Thisis considered low priority, as attack scenarios are very unlikely. Various path fields are not escaped properly, thus filling them with javascript code will lead to XSS. MySQL error messages are not escaped,thusthe database host field can also be filled with javascript. Workaround/Fix If you are doing a fresh installation of serendipity, use version 1.3.1. In general, don't leave uninstalled webapplications laying around on apublicwebspace. Disclosure Timeline 2008-03-21 Vendor contacted with patches 2008-03-21 Vendor fixed issue in trunk/branch revision 2008-04-22 Vendor released 1.3.1 2008-04-22 Advisory published CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned thenameCVE-2008-1386 to this issue. This is a candidate for inclusion in theCVElist (http://cve.mitre.org/), which standardizes names for securityproblems.Credits and copyright This vulnerability was discovered by Hanno Boeck of schokokeks.orgwebhosting. It's licensed under the creative commons attribution license. Hanno Boeck, 2008-04-xx, http://www.hboeck.de -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/Web Application Security Awareness Day, Its the only day in the year you don't get laughed at for releasing XSS. Learn More http://n3td3v.googlepages.com/home http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061507.html Regards, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387) Hanno Böck (Apr 22)
- Re: Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387) n3td3v (Apr 22)
- Re: Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387) Ven Ted (Apr 22)
- Re: Cross site scripting issues in s9y(CVE-2008-1386, CVE-2008-1387) Morning Wood (Apr 22)
- Correcting CVEs (was Re: Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387)) Hanno Böck (Apr 22)
- Re: Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387) n3td3v (Apr 22)