Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

ArbitroWeb v0.6 Javascript injection vulnerability
From: Josh Gilmour <joshg () conqwest com>
Date: 22 Jun 2004 16:50:26 -0000


vendor: ArbitroWeb
about: An anonymous web surfing proxy written in PHP. ArbitroWeb will redirect all web requests thru it's set of 
scripts, all URL's contained will be adjusted/mangled to it's own scripts.
date: june 22nd, 2004
vendor status: ?
problem: javascript can be injected into the /?rawURL= field...

ex: www.server.com/?rawURL=&lt;script&gt;javascript:alert();&lt;/script&gt;
popups up a javascript alert...

could be hazardous.... example (alert pops up 100 times):
www.server.com/?rawURL=&lt;script&gt;javascript:for(var i = 0; i < 100; i++) alert();&lt;/script&gt;

it filters out the character " by making it \" so having it do various things that you can usually do with javascript 
injection is a problem... yet this should be fixed nonetheless, and its a possibility the character " has a 
workaround...

thanks to wehack.com, as i was looking thrugh their site at advisories and came upon this product....

Thanks,
Josh Gilmour
joshg <at> conqwest <dot> com

  By Date           By Thread  

Current thread:
  • ArbitroWeb v0.6 Javascript injection vulnerability Josh Gilmour (Jun 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]