Vulnerability Development mailing list archives
Re: CSS, CSS & let me give you some more CSS
From: Slow2Show <sl2sho () yahoo com>
Date: 29 Jan 2002 23:24:28 -0000
In-Reply-To: <20020129113027.B10678 () kavi com>
> Ok, so I am a little confused. My understanding of CSS is that an attacker is trying to reach a victim through a 3rd party website. For instance, I post a message to a message board that contains javascript, and it runs on a victim's machine, who viewed that message.
Yes, this is one form of webApp attack: you are using the CSS attack vector to return user-injected script/HTML/PHP back to a page that is viewable by other website visitors...this is one of the more damaging attacks...but it isn't all that CSS is limited to.
> The reason I am confused is that, all of your supposed CSS vulns are directed at search scripts. Do the queries you are entering get stored on the website, for later viewing by OTHER users? It doesn't seem likely. The only person you could exploit would be, well, yourself.
Search engine inputs are notorious for not sanitizing user input...I believe that is why phine chose to focus on them...and yes, you do bring up a good point: the website queries could be stored on a website...to be viewed later by someone interested in seeing what people are searching for....company user loads up the admin query page...user-injected script is executed, and that website's cookie has now been processed by the attacker's "cookie collection PHP script" (CCPS) on a remote server. How could this affect John Q. Surfer? Well, let's say I send him a link with a partial hex-converted URL, ex: http://website.com/someform?input=%73%75%70. This could be used in a social engineering attack to trick another user into visiting this link and having their cookie stolen by the attacker's CCPS...or the attacker could use javascript to manipulate the DOM and act on the user's part to do various actions...let's say post a message automatically on a forum.
> Maybe I have completely missed the boat on this one, and if so, please explain how I could attack someone ELSE with these...
No, you just didn't see the whole boat through the fog...cheesy, I know ;-)
> Now if you showed me that I could slip SQL into one of these search boxes, then I would call that a vulnerability...
That is a whole other story....
Reference linx:
http://www.cert.org/tech_tips/malicious_code_mitigation.html
http://www.owasp.org/
http://httpd.apache.org/info/css-security/
-Slow2Show-
University of Florida
Disclaimer: I'm just a stupid college kid!
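The reflected search-box case discussed in this reply, as an added example that is not part of the original post: a constructed search handler showing that a hex-encoded link is decoded before the page is built, with the unescaped output beside the HTML-escaped one. The function names and the markup sample are assumptions; the `input` parameter and `%73%75%70` come from the link in the post.

```javascript
// Added example: constructed search handler, not code from the thread.
// All function names here are hypothetical.

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Percent-decoding happens when the query string is parsed, so the handler
// sees the decoded value no matter how the link was written. Filtering on
// the raw URL text therefore misses encoded input.
function searchTerm(queryString) {
  return new URLSearchParams(queryString).get('input') ?? '';
}

// "Before": the term is concatenated into the page unchanged.
function renderVulnerable(queryString) {
  return '<p>Results for: ' + searchTerm(queryString) + '</p>';
}

// "After": the term is HTML-escaped at the point of output.
function renderEscaped(queryString) {
  return '<p>Results for: ' + escapeHtml(searchTerm(queryString)) + '</p>';
}

// Constructed sample inputs.
const fromThread = 'input=%73%75%70'; // the hex-encoded value in the post
const markup = 'input=%3Cscript%3Ealert(1)%3C%2Fscript%3E'; // encoded test markup

console.log(searchTerm(fromThread));   // decoded value the handler receives
console.log(renderVulnerable(markup)); // markup reaches the page as markup
console.log(renderEscaped(markup));    // markup reaches the page as text
```

The same escaping applies to the stored case the reply mentions, where logged queries are later rendered on an admin page: escape when the value is written into HTML, not only when it is received.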