WebApp Sec mailing list archives

Re: what does this allow ?


From: "Gary H. Jones II" <gary () pointblanksecurity com>
Date: Thu, 19 Jun 2003 13:08:34 -0400

Vince, here is the advisory written by CERT back in 2000. I think this will
give you a better understanding of the effects of Cross Site Scripting bugs.

http://www.cert.org/advisories/CA-2000-02.html


----- Original Message -----
From: "Vince Hoffman" <Vince.Hoffman () uk circle com>
To: <webappsec () securityfocus com>
Sent: Thursday, June 19, 2003 5:20 AM
Subject: what does this allow ?


Hi all,
I was running a routine nessus scan on some servers I administrate
and one of them gave me a warning of

The following requests seem to allow the reading of
sensitive files or XSS. You should manually try them to see if anything
bad happens :
/default.asp?gateway=<script>alert('foo')</script>

I tried that and it worked; I forwarded it to a developer for that machine
and he didn't seem worried by it. Should he be ?
A bit vague I know, but webapps aren't really my forte.

Thanks,
Vince


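As an added illustration (not code from either poster, and not the real default.asp, whose source is not in the thread): the constructed stand-in below reproduces the behaviour the Nessus warning describes, the "gateway" query parameter being copied straight into the HTML response, next to a version that HTML-encodes it first (the same thing Server.HTMLEncode does in classic ASP), plus the kind of reflection check the scanner performs.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for the page from the scan finding (assumption:
# the "gateway" parameter is written into the response body as-is).
PAGE = "<html><body><p>Gateway: {value}</p></body></html>"

def render_vulnerable(gateway: str) -> str:
    """Reflects the parameter verbatim, so any markup in the query string
    becomes part of the page the browser executes (reflected XSS)."""
    return PAGE.format(value=gateway)

def render_fixed(gateway: str) -> str:
    """HTML-encodes the parameter before it reaches the page; '<script>'
    is displayed as literal text instead of being run."""
    return PAGE.format(value=html.escape(gateway, quote=True))

def reflects_unescaped(render, url: str, param: str) -> bool:
    """Scanner-style check: fetch the page with the probe value and report
    whether the raw value (with its angle brackets) comes back unchanged."""
    value = parse_qs(urlsplit(url).query).get(param, [""])[0]
    body = render(value)
    return "<" in value and value in body

# The exact request from the Nessus warning in the thread.
PROBE = "/default.asp?gateway=<script>alert('foo')</script>"

if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        print(f"{name}: reflects unescaped = {reflects_unescaped(render, PROBE, 'gateway')}")
```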