[35442] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

ArbitroWeb v0.6 Javascript injection vulnerability

daemon@ATHENA.MIT.EDU (Josh Gilmour)
Tue Jun 22 19:56:09 2004

Date: 22 Jun 2004 16:50:26 -0000
Message-ID: <20040622165026.20393.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Josh Gilmour <joshg@conqwest.com>
To: bugtraq@securityfocus.com



vendor: ArbitroWeb
about: An anonymous web surfing proxy written in PHP. ArbitroWeb will redirect all web requests thru it's set of scripts, all URL's contained will be adjusted/mangled to it's own scripts.
date: june 22nd, 2004
vendor status: ?
problem: javascript can be injected into the /?rawURL= field...

ex: www.server.com/?rawURL=&lt;script&gt;javascript:alert();&lt;/script&gt;
popups up a javascript alert...

could be hazardous.... example (alert pops up 100 times):
www.server.com/?rawURL=&lt;script&gt;javascript:for(var i = 0; i < 100; i++) alert();&lt;/script&gt;

it filters out the character " by making it \" so having it do various things that you can usually do with javascript injection is a problem... yet this should be fixed nonetheless, and its a possibility the character " has a workaround...

thanks to wehack.com, as i was looking thrugh their site at advisories and came upon this product....

Thanks,
Josh Gilmour
joshg <at> conqwest <dot> com

home	help	back	first	fref	pref	prev	next	nref	lref	last	post