WebScarab <= 20060621-0003 cross site scripting

2006.07.26
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 2.6/10
Impact Subscore: 2.9/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0012 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ WebScarab Cross Site Scripting +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Jul 18, 2006 PUBLISHED AT http://moritz-naumann.com/adv/0012/webscarabxss/0012.txt http://moritz-naumann.com/adv/0012/webscarabxss/0012.txt.gpg PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany http://moritz-naumann.com/ SECURITY at MORITZ hyphon NAUMANN d0t COM GPG key: http://moritz-naumann.com/keys/0x277F060C.asc AFFECTED APPLICATION OR SERVICE WebScarab http://www.owasp.org/index.php/OWASP_WebScarab_Project http://sourceforge.net/projects/owasp/ WebScarab is a Free Software for manual and semi-automatic web application penetration testing. It is developed in Java by Rogan Dawes as part of the Open Web Application Security Project (OWASP). AFFECTED VERSIONS Version 20060621-0003 and below ISSUES WebScarab is subject to a client side script code injection vulnerability which may allows for running cross site scripting attacks against web clients connecting through it. +++++ 1. Cross Site Scripting vulnerability in error messages By accessing the following URI using a web browser which is prone to this issue and configured to proxy through a vulnerable version of WebScarab, a non-persitent web script injection can be achieved: http://arbitrary.domain/</pre><script>alert(0);</script> This allows for disclosure of sensitive data stored in the security context of any arbitrary domain which the web browser has previously accessed but WebScarab is not able to access by the time the attack takes place (due to invalid upstream proxy setting on WebScarab, different results of DNS queries, limited connectivity or other reasons). Ms Internet Explorer 6 SP2 and Konqueror 3.5.3 are known to be prone to this issue. This problem is caused by insufficient santitation of user supplied input before it is returned to the client as part of an error message. BACKGROUND Cross Site Scripting (XSS): Cross Site Scripting, also known as XSS or CSS, describes the injection of malicious content into output produced by a web application. A common attack vector is the inclusion of arbitrary client side script code into the applications' output. Failure to completely sanitize user input from malicious content can cause a web application to be vulnerable to Cross Site Scripting. http://en.wikipedia.org/wiki/XSS http://www.cgisecurity.net/articles/xss-faq.shtml WORKAROUNDS Client: Disable Javascript. Server: None known. SOLUTIONS Rogan Dawes has released version 20060718-1904 today. This version fixes this issue. The updated packages is available at http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=6 1823 TIMELINE Jul 18, 2006: Discovery, code maintainer notification Jul 18, 2006: Code maintainer provides fix Jul 18, 2006: Public advisory REFERENCES N/A ADDITIONAL CREDIT N/A LICENSE Creative Commons Attribution-ShareAlike License Germany http://creativecommons.org/licenses/by-sa/2.0/de/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEvVpon6GkvSd/BgwRArImAJ4wq5+KO9B8Lt/QT7gaCc+zDhAH0QCfe0pY 8lOADqs+qmKzqw0cgeb3HWU= =32H+ -----END PGP SIGNATURE-----


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top