
Just updated to 527 and this is still vulnerable. Here's the HTML output I get for 
going to the URL below:

<html>
<head>
<title> Couldn't retrieve 
<script>document.write('test1<H1>test2</H1>');</script></title>
</head>

<body bgcolor="#ffffff">
<h1>Unexpected key</h1>
<p>Key: <b><script>document.write('test1<H1>test2</H1>');</script></b> doesn't look 
like a freenet key.</p>
<p>Freenet keys begin with <b>KSK@</b>, <b>SSK@</b>, <b>CHK@</b> or <b>SVK@</b>. The 
most common reason for this 
message is that you are trying to use the Freenet Gateway key form as a search form. 
Please visit one of the 
bookmark links on the gatewayand follow links to other freesites from there.

<p>If you really want to try and retrieve this key, you can 
<a 
href="/%3cscript%3edocument.write%28%27test1%3cH1%3etest2%3c/H1%3e%27%29%3b%3c/script%3e?force=true">Retrieve
 
anyway</a>, 
or <a HREF="/">return</a> to gateway page
</body>
</html>


:geckox


++ 29/10/02 22:13 +0000 - Matthew Toseland:
>On Tue, Oct 29, 2002 at 08:06:18PM -0000, Dave Hooper wrote:
>> > the following executes custom html.
>> >
>> > http://127.0.0.1:8888/%3Cscript%3Edocument.write('test');%3C/script%3E
>> 
>> True - for example :
>> http://127.0.0.1:8888/%3Cscript%3Edocument.write('test1%3cH1%3etest2%3c/H1%3
>> e');%3C/script%3E
>> The code that displays the "Unexpected key" page should really HTMLise the
>> string in case it contains < > " ' etc symbols, otherwise such symbols
>> will make their way directly into the HTML of the page!
>Please try this in 527/0.5.0.2 (or current devel CVS) - it should be fixed in 
>both branches now.
>
>-- 
>Matthew Toseland
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>Freenet/Coldstore open source hacker.
>Employed full time by Freenet Project Inc. from 11/9/02 to 11/11/02.
>http://freenetproject.org/


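Added example, not part of the original thread and not Freenet's code: a Python sketch of the escaping Dave Hooper asks for, next to the behaviour visible in the pasted 527 output, where the href is percent-encoded but the title and <b> text still carry the raw key. The template, the function names and the has_live_script check are assumptions made for illustration.

```python
import html
from urllib.parse import quote

# Payload from the URL quoted in the thread, after percent-decoding.
PAYLOAD = "<script>document.write('test1<H1>test2</H1>');</script>"

# Simplified stand-in for the "Unexpected key" page (assumed layout).
TEMPLATE = (
    "<html><head><title>Couldn't retrieve {title}</title></head>\n"
    "<body><h1>Unexpected key</h1>\n"
    "<p>Key: <b>{body}</b> doesn't look like a freenet key.</p>\n"
    '<p><a href="/{href}?force=true">Retrieve anyway</a></p>\n'
    "</body></html>"
)


def render_partial(key: str) -> str:
    """Mirrors the pasted output: only the href is encoded, while the
    title and <b> text still receive the raw key."""
    return TEMPLATE.format(title=key, body=key, href=quote(key))


def render_escaped(key: str) -> str:
    """Encode the key for every context it lands in."""
    # Element text (title, <b>): turn < > & " ' into entities.
    text = html.escape(key, quote=True)
    # URL path: percent-encode first, then escape for the attribute value.
    href = html.escape(quote(key), quote=True)
    return TEMPLATE.format(title=text, body=text, href=href)


def has_live_script(page: str) -> bool:
    """Crude check for this demo only: is a raw script tag present?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("partial fix still injects:", has_live_script(render_partial(PAYLOAD)))
    print("escaped everywhere injects:", has_live_script(render_escaped(PAYLOAD)))
    print(render_escaped(PAYLOAD))
```

The same request key reaches three output contexts here (title text, body text, link target), so encoding one of them leaves the other two exploitable.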
