Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
CSS found in Movable Type
May 12 2003 06:26PM
DarkHunter (darkhunter7 hackermail com)
(1 replies)
Summary:
Movable Type is a decentralized web-based personal publishing system
designed to ease maintenance of regularly-updated content. This content
can consist of, but is not limited to, entries in a weblog or online
journal, photographs in an online photo gallery, news headlines on a
newspaper site, or articles in an online magazine.
Details:
Vendor's site: www.movabletype.org
Vulnerable systems:
Movable Type version 2.63 and prior.
Cross Site Scripting Vulnerability found in writing the comments, in the
Comments section there is sevral textboxs:
Name, Email Address, URL and Comments.
and all the textboxs allow using the javascript codes.
in order to causes a CSS attack on the target site we need to write a
javascript code in the Name textbox (in some versions u can write the
javascript code in the other textboxs of the Comments).
Examples:
You can use this javascripts codes:
<script>alert(document.cookie)</script>
<script>alert("CSS discovered by DarkHunter")</script>
"DarkHunter><script> .. (This code is so bad :) .. it causes disappering
of all the Comments textboxs and buttons .. in other words every thing
after this code will disapper).
and of course there are many codes that u can use.
Solution:
Edit the source code to strip malicious characters from Name, Email
Address, URL and Comments textboxs or escape malicious characters using
addslashes().
check the vendor's website for new patches.
Additional information:
The information has been provided by DarkHunter.
[ reply ]
Re: CSS found in Movable Type
May 12 2003 08:00PM
Jordan Wiens (jwiens nersp nerdc ufl edu)
(1 replies)
Re: CSS found in Movable Type
May 12 2003 08:25PM
Jordan Wiens (jwiens nersp nerdc ufl edu)
Privacy Statement
Copyright 2009, SecurityFocus
Summary:
Movable Type is a decentralized web-based personal publishing system
designed to ease maintenance of regularly-updated content. This content
can consist of, but is not limited to, entries in a weblog or online
journal, photographs in an online photo gallery, news headlines on a
newspaper site, or articles in an online magazine.
Details:
Vendor's site: www.movabletype.org
Vulnerable systems:
Movable Type version 2.63 and prior.
Cross Site Scripting Vulnerability found in writing the comments, in the
Comments section there is sevral textboxs:
Name, Email Address, URL and Comments.
and all the textboxs allow using the javascript codes.
in order to causes a CSS attack on the target site we need to write a
javascript code in the Name textbox (in some versions u can write the
javascript code in the other textboxs of the Comments).
Examples:
You can use this javascripts codes:
<script>alert(document.cookie)</script>
<script>alert("CSS discovered by DarkHunter")</script>
"DarkHunter><script> .. (This code is so bad :) .. it causes disappering
of all the Comments textboxs and buttons .. in other words every thing
after this code will disapper).
and of course there are many codes that u can use.
Solution:
Edit the source code to strip malicious characters from Name, Email
Address, URL and Comments textboxs or escape malicious characters using
addslashes().
check the vendor's website for new patches.
Additional information:
The information has been provided by DarkHunter.
[ reply ]