List:       full-disclosure
Subject:    [Full-disclosure] XSS vulnerabilities at 404 pages
From:       "MustLive" <mustlive () websecurity ! com ! ua>
Date:       2009-11-28 20:57:19
Message-ID: 001301ca706d$6c65d680$010000c0 () ml

Hello participants of Full-Disclosure.

Cross-Site Scripting vulnerabilities are very widespread. The most common
place for XSS is search engines (local on-site search and global engines),
as I know from my experience and from my statistics of holes found at web
sites and web applications (both published and unpublished holes), and as I
wrote in my project Month of Search Engines Bugs. In my new series of
articles I'll write about other common places of XSS.

In my article XSS vulnerabilities at 404 pages
(http://websecurity.com.ua/3477/), which I posted in September, I wrote
about XSS vulnerabilities at 404 error pages. Here is the English version of
the article.

Cross-Site Scripting (XSS) vulnerabilities (http://websecurity.com.ua/3470/)
are very widespread on the Internet. I regularly discover such
vulnerabilities at web sites, which I write about at my site, and I also
mention XSS holes at famous sites found by other security researchers. I
have also written many times about XSS worms
(http://websecurity.com.ua/3455/).

I have had occasion to discover Cross-Site Scripting vulnerabilities in
different web applications, and also in browsers and web servers. After
vulnerabilities in search engines, which I already wrote about in detail in
my project MOSEB (http://websecurity.com.ua/category/moseb/), one of the
most widespread is XSS at Error 404 pages.

The standard attack vector in the case of XSS at 404 pages is setting XSS
code as the address of a page at the site, which leads to the 404 page being
shown and to the JavaScript code being executed.

XSS:

http://site/%3Cscript%3Ealert(document.cookie)%3C/script%3E

Such XSS can be reflected, persistent, DOM based and strictly social.

An example of persistent XSS at 404 pages is the vulnerability in Power
Phlogger (http://websecurity.com.ua/1845/): the code triggers when the visit
logs are viewed. DOM based XSS has also happened to me, particularly in the
ProofReader component for Joomla (http://websecurity.com.ua/3482/). Reflected
XSS at 404 pages is the most widespread case. Examples of such XSS are
vulnerabilities at mts.com.ua (http://websecurity.com.ua/2078/), in Apache
Tomcat (http://websecurity.com.ua/3114/) and in Joomla
(http://websecurity.com.ua/3474/).

There are also vulnerabilities in browsers which show themselves at 404
pages: Cross-Site Scripting using UTF-7 in IE
(http://websecurity.com.ua/262/) (reflected) and Cross-Site Scripting with
UTF-7 in Mozilla and Firefox (http://websecurity.com.ua/3062/) (strictly
social XSS).

So developers of web servers, browsers and web sites always need to check
their projects for the presence of XSS vulnerabilities at 404 pages (as at
all other error pages), so as not to allow vulnerabilities at these pages.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
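
Added example, not part of the original message or of any project it names: a minimal 404 page renderer in its vulnerable form beside a hardened form, plus a check that can be run against an error handler using the request path shown in the message. The function names and the page template are assumptions made for illustration.

```python
import html
from urllib.parse import unquote

# Request path taken from the message above.
PAGE_EXAMPLE = "/%3Cscript%3Ealert(document.cookie)%3C/script%3E"

TEMPLATE = ("<html><body><h1>404 Not Found</h1>"
            "<p>The requested URL %s was not found.</p></body></html>")

def render_404_vulnerable(raw_path):
    """'Before' form: the decoded path is echoed into the HTML as-is."""
    path = unquote(raw_path)
    headers = {"Content-Type": "text/html"}  # no charset declared
    return 404, headers, TEMPLATE % path

def render_404_safe(raw_path):
    """Hardened form: HTML-escape the path and pin the response charset."""
    path = unquote(raw_path)
    headers = {
        # An explicit charset stops the browser from guessing the encoding,
        # which is what the UTF-7 cases mentioned in the message depend on.
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    return 404, headers, TEMPLATE % html.escape(path, quote=True)

def reflects_markup(handler, raw_path):
    """True if the handler returns the decoded path verbatim in the body
    while that path contains HTML metacharacters."""
    _, _, body = handler(raw_path)
    decoded = unquote(raw_path)
    has_meta = any(c in decoded for c in "<>\"'&")
    return has_meta and decoded in body

def declares_charset(handler, raw_path):
    """True if the error response names its character set."""
    _, headers, _ = handler(raw_path)
    return "charset=" in headers.get("Content-Type", "").lower()

if __name__ == "__main__":
    for h in (render_404_vulnerable, render_404_safe):
        print(h.__name__,
              "reflects markup:", reflects_markup(h, PAGE_EXAMPLE),
              "| declares charset:", declares_charset(h, PAGE_EXAMPLE))
```

The same two checks apply to every other error page a site generates (403, 500 and so on), since they usually share the template that echoes the request path.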