[25993] in bugtraq


Re: XSS in HTDIG

daemon@ATHENA.MIT.EDU (Henrik Edlund)
Fri Jun 28 16:33:50 2002

Date: Fri, 28 Jun 2002 19:06:29 +0200 (MET DST)
From: Henrik Edlund <henrik@edlund.org>
To: Peter Watkins <peterw@usa.net>
Cc: Howard Yeend <h_bugtraq@yahoo.com>, <bugtraq@securityfocus.com>
In-Reply-To: <20020627162524.A25470@usa.net>
Message-ID: <Pine.LNX.4.44.0206281905330.9527-100000@ticalc.ticalc.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Thu, 27 Jun 2002, Peter Watkins wrote:

PW> What version is this? With the sample templates in ht://Dig version
PW> 3.1.6, the "words" info seems to be properly escaped -- I just see the
PW> <script> stuff inside the text input box, and translated on the page.
PW> For example,
PW>
PW> http://www.htdig.org/cgi-bin/htsearch?config=htdig;words=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
PW>
PW> My example URL suggests that version 3.1.5 is also immune, though 3.1.5
PW> has other issues that 3.1.6 resolves -- see
PW>    http://online.securityfocus.com/bid/3410 and
PW>    http://www.htdig.org/index.html

Version 3.2.0b3 seems to be vulnerable.

-- 
http://www.edlund.org/
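An added example, not code from this thread or from ht://Dig, showing the check Peter describes: decode the `words` parameter from the URL he quotes, render it into a mock of the two template spots he mentions (the text input box and the page text), and test whether the parameter is reflected with its tag characters intact. The template fragments and the `reflected_verbatim` check are constructed for this example and are not htsearch's real templates.

```python
import re
from html import escape
from urllib.parse import urlsplit, unquote_plus

# The URL quoted in the thread; htsearch separates query parameters with ';'.
SAMPLE_URL = ("http://www.htdig.org/cgi-bin/htsearch?config=htdig;"
              "words=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E")


def words_param(url):
    """Return the decoded 'words' value from an htsearch URL (';' or '&' separated)."""
    for pair in re.split(r"[;&]", urlsplit(url).query):
        key, _, value = pair.partition("=")
        if key == "words":
            return unquote_plus(value)
    return ""


# Mock template: the search box echoing the query, plus the query in page text.
# Constructed for this example; it is not the real ht://Dig template.
def render_unescaped(words):
    """Raw substitution: the behaviour the report describes for a vulnerable build."""
    return (f'<input type="text" name="words" value="{words}">\n'
            f'<p>Search results for {words}</p>')


def render_escaped(words):
    """Escaped substitution: what the 3.1.6 sample templates are observed to do."""
    safe = escape(words, quote=True)  # encodes & < > " ' for both attribute and text context
    return (f'<input type="text" name="words" value="{safe}">\n'
            f'<p>Search results for {safe}</p>')


def reflected_verbatim(page, words):
    """Response-side check: the submitted value appears in the page with '<', '>' and
    '"' intact, i.e. the template is not escaping it."""
    return words in page


if __name__ == "__main__":
    w = words_param(SAMPLE_URL)
    print("unescaped reflects verbatim:", reflected_verbatim(render_unescaped(w), w))
    print("escaped reflects verbatim:  ", reflected_verbatim(render_escaped(w), w))
```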

