security: Javascript injection vulnerability
Status: Alpha
Brought to you by:
joakimerdfelt
Menu
▾
▴
#4 security: Javascript injection vulnerability
Recently this bug was discovered by Josh Gilmour in 0.6
version.
http://www.forbiddenweb.org/viewtopic.php?t=12571&view=previous
Copying the verbatim contents of the post here:
endor: ArbitroWeb
about: An anonymous web surfing proxy written in PHP.
ArbitroWeb will redirect all web requests thru it's set
of scripts, all URL's contained will be
adjusted/mangled to it's own scripts.
date: june 22nd, 2004
vendor status: ?
problem: javascript can be injected into the /?rawURL=
field...
ex:
www.server.com/?rawURL=<script>javascript:alert();</script>
popups up a javascript alert...
could be hazardous.... example (alert pops up 100 times):
www.server.com/?rawURL=<script>javascript:for(var
i = 0; i < 100; i++) alert();</script>
it filters out the character " by making it \" so
having it do various things that you can usually do
with javascript injection is a problem... yet this
should be fixed nonetheless, and its a possibility the
character " has a workaround...
thanks to wehack.com, as i was looking thrugh their
site at advisories and came upon this product....
Thanks,
Josh Gilmour
joshg <at> conqwest <dot> com
Logged In: YES
user_id=102115
The patch for this is pretty easy and is now in the patches section: http:/
/sourceforge.net/tracker/index.php?
func=detail&aid=1123558&group_id=33967&atid=409924