Bug #287

Cookie Injection Vulnerability

Added by Luke Murphey over 13 years ago. Updated over 13 years ago.

Status: Closed
Priority: Immediate
Assignee: -
Category: Web Interface
Target version:
Start date: 12/03/2010
Due date: 12/03/2010
% Done: 100%


Description

Optics for Vulnerability Management discovered a vulnerability in NSIA:

<pre>
nc -v 127.0.0.1 8080
GET /<script>cross_site_scripting.nasl</script>.asp HTTP/1.1
Host:127.0.0.1
</pre>

This returns:
<pre>
<code class="html">
        <p>
                <form method="post" action="/<script>cross_site_scripting.nasl</script>.asp">
                        <input class="button" type="submit" value="Accept" name="BannerCheck">

                </form><p/>
</code>
</pre>

History

#1 Updated by Luke Murphey over 13 years ago

  • Subject changed from Cookie injection to Cookie Injection Vulnerability

#2 Updated by Luke Murphey over 13 years ago

The following request will illustrate the problem more clearly: http://127.0.0.1:8080/"><script>alert('XSS')</script>

#3 Updated by Luke Murphey over 13 years ago

Run the following regex search against FTL to find portions of templates that may need escaping:

[$][{][a-zA-Z0-9.()]+[^?][a-zA-Z0-9.()]+[}]
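
The template audit from comment #3, as an added example that is not part of the original ticket or NSIA's code: it runs the ticket's regex over a constructed FTL fragment and also lists unescaped `${...}` interpolations that the pattern does not report (names shorter than three characters, or with more than one character outside its class, such as underscores). The sample template, the function names and the list of escaping built-ins are assumptions of this example.

```python
import re

# Pattern quoted verbatim from comment #3.
ISSUE_PATTERN = re.compile(r"[$][{][a-zA-Z0-9.()]+[^?][a-zA-Z0-9.()]+[}]")
# Broader pattern (assumption of this example): any ${...} interpolation.
ANY_INTERPOLATION = re.compile(r"[$][{]([^}]*)[}]")
# FreeMarker built-ins that escape output for a given context.
ESCAPING_BUILTINS = ("?html", "?xhtml", "?xml", "?url", "?js_string")

# Constructed FTL fragment with hypothetical variable names, not taken from NSIA.
SAMPLE_FTL = """\
<form method="post" action="${request.thisURL}">
<input type="hidden" name="id" value="${id}">
<p>Welcome, ${user.name?html}</p>
<a href="/search?q=${query?url}">${site_group_name}</a>
<td>${scanResult.getFindings()}</td>
"""


def issue_regex_hits(text):
    """(line number, match) pairs found by the regex from the ticket."""
    return [(n, m.group(0))
            for n, line in enumerate(text.splitlines(), 1)
            for m in ISSUE_PATTERN.finditer(line)]


def unescaped_interpolations(text):
    """(line number, interpolation) pairs lacking an escaping built-in."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in ANY_INTERPOLATION.finditer(line):
            if not any(b in m.group(1) for b in ESCAPING_BUILTINS):
                hits.append((n, m.group(0)))
    return hits


def missed_by_issue_regex(text):
    """Unescaped interpolations the ticket's regex does not report."""
    found = set(issue_regex_hits(text))
    return [h for h in unescaped_interpolations(text) if h not in found]


if __name__ == "__main__":
    for n, expr in issue_regex_hits(SAMPLE_FTL):
        print(f"line {n}: review {expr}")
    for n, expr in missed_by_issue_regex(SAMPLE_FTL):
        print(f"line {n}: missed by ticket regex: {expr}")
```
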

#4 Updated by Luke Murphey over 13 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Confirmed fixed by OSVM and manual test
