Hi Mark and Stéphane,
I've got a warning that my WIKINDX site is supposedly vulnerable to cross-site scripting. Here is the message:
~~~
The following alert is the product of the Dorkbot service
created by UT Austin: https://security.utexas.edu/dorkbot
Dorkbot serves 2350+ campuses & nonprofits across 205 countries.
The Information Security Office at the University of Texas at Austin
has found the following web page to be vulnerable to a high-risk application
attack:
HOST: 131.220.93.76 [production.germanistik.uni-bonn.de]
DATE: 2021-08-02 17:35:19 CST/CDT
GET:
https://www.bobc.uni-bonn.de/index.php?action=list_LISTSOMERESOURCES_CORE&m[..]
ATTACK DETAILS:
This page is vulnerable to Cross-site scripting attacks.
Cross-site scripting attacks, in general, are an issue because
they are enabling attacks. Specially-crafted malicious URLs can
steal authentication tokens/cookies when a logged-in user visits them,
giving the attacker full access to that user's account in the application.
Reflected XSS attacks, in particular, are a concern as they can be used to
socially engineer a user into clicking on what appears to be a legitimate URL.
Please note that the Dorkbot service will re-check this page in the next
30 days to help verify remediation for you.
Please also consider the following:
Web application security testing should be performed regularly,
especially for any public web applications. This includes
tracking application inventory, general code review and vulnerability
assessments using web application security testing tools.
All input received by the web server should be checked before
it is processed. The best method is to remove all unwanted input and
accept only expected input. For example, ensure angle brackets are
not allowed in any input to any Web page fields. Additionally, no
syntactic input should be allowed. Syntactic input can come from
databases, other servers, etc. All input into a Web application must
be filtered to ensure the delivery of clean content to individuals using
your service.
Other References:
OWASP Top 10 Proactive Controls
https://www.owasp.org/index.php/OWASP_Proactive_Controls#tab=Main
OWASP Guide to Building Secure Web Applications and Web Services
https://www.owasp.org/index.php/Category:OWASP_Guide_Project
Please let us know if you believe any of this information to be inaccurate
so that we can be of better service in the future.
We hope this information is helpful.
Information Security Office
The University of Texas at Austin
security@utexas.edu
http://security.utexas.edu
=======================================
https://www.facebook.com/utaustiniso
https://twitter.com/UT_ISO
=======================================
~~~
What do you think?
Best
Joachim
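The quoted mail gives two recommendations (accept only expected input; keep reflected input from becoming markup) without saying which parameter is affected. As an added illustration that is neither WIKINDX code nor part of this thread, here is a toy handler for the `action` parameter seen in the reported URL, in the reflected-XSS shape beside its hardened form; the allow-listed action names other than the one in the URL are assumed.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed allow-list for the "action" query parameter in the reported URL.
# WIKINDX's real set of actions is not on this page; the second value is assumed.
ALLOWED_ACTIONS = {"list_LISTSOMERESOURCES_CORE", "resource_RESOURCEVIEW_CORE"}
ACTION_RE = re.compile(r"[A-Za-z0-9_]{1,64}")


def get_param(url, name):
    """Return the first value of query parameter `name`, or '' if it is absent."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get(name, [""])[0]


def validate_action(value):
    """Allow-list check: accept only expected input, as the mail recommends.
    Returns the value unchanged when it is a known action, otherwise None."""
    if ACTION_RE.fullmatch(value) and value in ALLOWED_ACTIONS:
        return value
    return None


def render_unsafe(url):
    """Reflected-XSS shape: the raw parameter is interpolated into HTML as-is."""
    return "<p>Unknown action: %s</p>" % get_param(url, "action")


def render_safe(url):
    """Hardened form: validate first, then HTML-escape anything that is reflected.
    Escaping at output time also covers values that come from the database or
    other servers (the mail's "syntactic input"), not only the query string."""
    raw = get_param(url, "action")
    action = validate_action(raw)
    if action is None:
        # quote=True also encodes " and ', so the value stays inert in attributes.
        return "<p>Unknown action: %s</p>" % html.escape(raw, quote=True)
    return "<h1>%s</h1>" % action
```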
I'm sure Stéphane knows better than me but I wouldn't bother too much about this. The mail doesn't actually say what is wrong (if anything at all) and all the recommendations it provides we've done for some time.
Mark
Hi Mark and Joachim,
There is not enough information to know which parameter is implied in this
XSS or how they performed it.
Do you have access to more information, Joachim?
Regards,
On 04/08/2021 at 14:35, Mark Grimshaw wrote:
--
Stéphane Aulery
I've asked our Data Center, which forwarded the warning to me, but they didn't know more either. This came from an automated service for university sites. They said if we've done all the recommendations, it's fine. So I think we can close this issue.
I agree. We've had a few such warnings over the years and have dealt with them because they always indicate precisely what is wrong and often how to fix it. This, I think, is bad practice on the part of University of Texas – close to spam. Note that the email says they will check again in 30 days...
Mark
I already gave it a try and found nothing. So I agree that I will not deal with it without better information.