Vulnerability Development mailing list archives

Re: CSS, CSS & let me give you some more CSS


From: "- phinegeek -" <phine () anonymous to>
Date: Tue, 29 Jan 2002 12:47:29 -0800

Ok, so I am a little confused.  My understanding of CSS is that an
attacker is trying to reach a victim through a 3rd party website.
For instance, I post a message to a message board that contains
javascript, and it runs on a victim's machine, who viewed that
message.  

The reason I am confused is that, all of your supposed CSS vulns are
directed at search scripts.  Do the queries you are entering get
stored on the website, for later viewing by OTHER users?  It doesn't
seem likely.  The only person you could exploit would be, well,
yourself.  

Maybe I have completely missed the boat on this one, and if so,
please explain how I could attack someone ELSE with these...

Ah, Good Question.
I wouldn't have posted it if it couldn't be utilized in such a way. You can exploit these types of CSS vulns by causing
your victim to process a specially formatted URL that is from the trusted source (with your code in it). This is
somewhat similar to the concept that many virus writers have used to spread their payload via e-mail file
attachments (relying on the fact that most people are stupid enough to open them). Of course, you will need to make sure
that GET is supported as the HTTP method for the 3rd party site (usually is). Message board CSS vulns are kinda obvious.
These types take a little more thought and are also harder to detect because of the fact that there is no evidence (as
would be on a message board). However, you might be able to catch this by analyzing your logs. It's really much easier
to use proper coding techniques and not have to worry about lame bugs like this. Hope it helps.

'phine
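
The log analysis mentioned in the reply, as an added example that is not part of the original post: a heuristic scan of access-log lines for GET query parameters that carry HTML or script markup after repeated percent-decoding. It assumes Common Log Format; the `/search.cgi` path, client addresses and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Client address and request line of a Common Log Format entry.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([A-Z]+) (\S+) [^"]*"')

# Markup that should not appear in a search term once it is fully decoded:
# an opening/closing tag, a javascript: URL, or an inline event handler.
MARKUP_RE = re.compile(r'<[a-z!/?]|javascript\s*:|\bon[a-z]+\s*=', re.I)

# Constructed sample log (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jan/2002:12:40:01 -0800] "GET /search.cgi?q=css+tutorial HTTP/1.0" 200 5120',
    '198.51.100.7 - - [29/Jan/2002:12:41:13 -0800] "GET /search.cgi?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0" 200 4312',
    '198.51.100.9 - - [29/Jan/2002:12:42:30 -0800] "GET /search.cgi?lang=en&q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.0" 200 4312',
    # A POST body is not written to the access log, so only GET is visible here.
    '192.0.2.44 - - [29/Jan/2002:12:43:02 -0800] "POST /search.cgi HTTP/1.0" 200 4312',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is seen too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (client, path, parameter) for GET requests whose query carries markup."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m or m.group(2) != "GET":
            continue
        client, target = m.group(1), m.group(3)
        parts = urlsplit(target)
        # parse_qsl decodes once; fully_decode handles further encoding layers.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if MARKUP_RE.search(fully_decode(value)):
                hits.append((client, parts.path, name))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The pattern is a triage heuristic: a hit means the request deserves a look, and the Referer field of the same log entry (when logged) shows where the link was followed from.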


