Apache Server HTML Injection and UTF-7 XSS Vulnerability May 08 2008 11:13PM
lament hero (lament hero gmail com)
Apache Server HTML Injection and UTF-7 XSS Vulnerability

This vulnerability was found by Yaniv Miron and Yossi Yakubov.
This vulnerability will allow an attacker to inject an XSS to any
Apache server that use the Forbidden 403 default page.

After injecting this string:
http://www.victim.com/Znl5g3k70ZaBUPYmN5RAGUdkskoprzGI63K4mIj2sqzbX0Kc3F
u7vfthepWhmKvjudPuJTNeK9zw5MaZ1yXJi8RJRRuPe5UahFwOblMXsIPTGh3pVjTLdim3vu
TKgdazOG9idQbIjbnpMEco8Zlo5xNRuCoviPx7x7tYYeOgc8HU46gaecJwnHY7f6GlQB8H6k
BFhjoIaHE1SQPhU5VReCz1olPh5jZ%3Cfont%20size=50%3EDEFACED%3C!xc+ADw-scrip
t+AD4-alert('xss')+ADw-/script+AD4---//--

You will get a Forbidden 403 error message with an XSS alert.
This string is combined from HTML Injection and a XSS string coded in UTF-7.

This is only a PoC and because of that the browser should be in auto
select mode of encoding so it could use the UTF-7 encoding.

This attack had been tested on some Apache versions as 2.2.x and 1.3.x
and on some versions of FireFox up to version 2.0.0.x and in IE 6 and
7.

We leave it to other hackers to upgrade the attack and make it fully automatic.

Yaniv Miron aka "Lament".

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus