Full Disclosure mailing list archives
XSS vulnerabilities at 404 pages
From: "MustLive" <mustlive () websecurity com ua>
Date: Sat, 28 Nov 2009 22:57:19 +0200
Hello participants of Full-Disclosure.

Cross-Site Scripting vulnerabilities are very widespread. The most common place for XSS is search engines (local on-site search and global engines), as I know from my experience and from my statistics of holes found at web sites and in web applications (both published and unpublished holes), as I wrote in my project Month of Search Engines Bugs. And in my new series of articles I'll write about other common places of XSS.

In my article XSS vulnerabilities at 404 pages (http://websecurity.com.ua/3477/), which I posted in September, I wrote about XSS vulnerabilities at 404 error pages. Here is the English version of the article.

Cross-Site Scripting (XSS) vulnerabilities (http://websecurity.com.ua/3470/) are very widespread on the Internet. I regularly discover such vulnerabilities at web sites, which I wrote about at my site, and I also mention XSS holes at famous sites found by other security researchers. Also I wrote many times about XSS worms (http://websecurity.com.ua/3455/). I have had occasion to discover Cross-Site Scripting vulnerabilities in different web applications, and also in browsers and web servers.

After vulnerabilities in search engines, which I already wrote about in detail in my project MOSEB (http://websecurity.com.ua/category/moseb/), one of the most widespread are XSS at Error 404 pages.

The standard attack vector in the case of XSS at 404 pages is setting XSS code as the address of a page at the site, which leads to the 404 page being shown and the JavaScript code being executed.

XSS:

http://site/%3Cscript%3Ealert(document.cookie)%3C/script%3E

Such XSS can be reflected, persistent, DOM based and strictly social. An example of persistent XSS at 404 pages is the vulnerability in Power Phlogger (http://websecurity.com.ua/1845/) - the code will trigger when viewing the visit logs. DOM based XSS also happened to me, particularly in the component ProofReader for Joomla (http://websecurity.com.ua/3482/).

And reflected XSS at 404 pages is the most widespread case. Examples of such XSS are vulnerabilities at mts.com.ua (http://websecurity.com.ua/2078/), in Apache Tomcat (http://websecurity.com.ua/3114/) and in Joomla (http://websecurity.com.ua/3474/). And also vulnerabilities in browsers, which show themselves at 404 pages: Cross-Site Scripting using UTF-7 in IE (http://websecurity.com.ua/262/) (reflected) and Cross-Site Scripting with UTF-7 in Mozilla and Firefox (http://websecurity.com.ua/3062/) (strictly social XSS).

So developers of web servers, browsers and web sites always need to check their projects for the presence of XSS vulnerabilities at 404 pages (as at all other error pages), so as not to allow vulnerabilities at these pages.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
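Added example, not part of the original post or of any project it mentions: the reflected case described above, shown as a 404 renderer that writes the decoded request path into the page as-is, beside one that HTML-escapes it and declares the charset, with a regression check that can be run over both. The function names, page template and the second and third sample paths are assumptions constructed for illustration; the first sample path is the one from the post.

```python
import html
from urllib.parse import unquote

# First path is the example URL path from the post; the others are constructed samples.
SAMPLE_PATH = "/%3Cscript%3Ealert(document.cookie)%3C/script%3E"
PATHS = [SAMPLE_PATH, "/missing.html", "/docs/%3Cb%3Etest%3C/b%3E"]

# Hypothetical error page template.
PAGE = "<html><body><h1>404 Not Found</h1><p>The page {path} was not found.</p></body></html>"


def render_404_vulnerable(raw_path):
    """Flawed pattern: the decoded request path is written into the HTML unchanged."""
    headers = {"Content-Type": "text/html"}  # no charset declared, browser has to guess
    return 404, headers, PAGE.format(path=unquote(raw_path))


def render_404_hardened(raw_path):
    """Escape the path for an HTML text context and declare the charset."""
    # Explicit charset so the browser does not guess an encoding such as UTF-7.
    headers = {"Content-Type": "text/html; charset=utf-8"}
    safe = html.escape(unquote(raw_path), quote=True)
    return 404, headers, PAGE.format(path=safe)


def reflects_unescaped(raw_path, body):
    """True if the path holds HTML metacharacters and appears verbatim in the body."""
    decoded = unquote(raw_path)
    return any(c in decoded for c in "<>\"'") and decoded in body


def audit(renderer, paths):
    """Return the request paths whose 404 page reflects markup unescaped."""
    return [p for p in paths if reflects_unescaped(p, renderer(p)[2])]


if __name__ == "__main__":
    print("vulnerable:", audit(render_404_vulnerable, PATHS))
    print("hardened:  ", audit(render_404_hardened, PATHS))
```

The same `audit` check can be pointed at any function that returns an error page body, which makes it usable as a regression test for other error pages as well as the 404 page.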