
[cobalt-security] security warning?



I got a security warning today from an unknown sender in Japan...

He wrote me (note: I've left the domain names out of his examples, you
can probably try with one of your own domains):

>Hi.
>
>For your information.
>
>There are some vulnerabilities in your site.
>
>Exploit:
>
>http://<one-of-my-domains-was-here>/cgiwrapDir/cgiwrap/<script>alert('Cross-site%20Scripting%20Here')</script><plaintext>
>
>http://<one-of-my-domains-was-here>/cgiwrapDir/cgiwrapd/<script>alert('Cross-site%20Scripting%20Here')</script><plaintext>
>

After looking up "cross-site scripting" on google, determining that his
examples were benign, and checking the email source code to make sure he
didn't have any sinister code in his links (when you look up cross-site
scripting you'll see why I did this)...

I found that in both cases the examples didn't run because the script
wasn't found.

But it looks like if malicious code was in there, I would have been a
victim.

Any ideas of how to protect against it?  While I'm studying this now,
even the .pdf file I found at cert
(http://www.cert.org/archive/pdf/cross_site_scripting.pdf) didn't give
me much on how to fix the vulnerability; only that it existed.

Any comments or ideas?

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA  92517
voice: +1 909 778-9980  *  fax: +1 909 548-9484
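An added example, not code from the original post or from cgiwrap itself, of the fix the question asks about: a small Python model of a CGI wrapper's "script not found" page that reflects the requested name raw versus HTML-escaped and allowlist-checked. The function names and the page layout are hypothetical; the sample path is constructed from the sender's links.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample: the part of the request path after /cgiwrap/ in the
# sender's links. Everything here is attacker-controlled input.
SAMPLE_PATH_INFO = "/<script>alert('Cross-site%20Scripting%20Here')</script><plaintext>"

# Script names a wrapper should be willing to look up at all (assumed policy).
VALID_SCRIPT_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def requested_script(path_info: str) -> str:
    """Decode the path and strip the leading slash, as a wrapper would."""
    return unquote(path_info).lstrip("/")


def error_page_vulnerable(path_info: str) -> str:
    """Reflects the requested name verbatim into HTML: reflected XSS."""
    name = requested_script(path_info)
    return f"<html><body><h1>Script not found</h1><p>{name}</p></body></html>"


def error_page_safe(path_info: str) -> str:
    """Same page, but untrusted text is HTML-escaped before it is reflected."""
    name = html.escape(requested_script(path_info), quote=True)
    return f"<html><body><h1>Script not found</h1><p>{name}</p></body></html>"


def is_valid_script_name(path_info: str) -> bool:
    """Stronger defence: refuse anything that is not a plausible script name,
    so the error page never has to echo arbitrary input in the first place."""
    return VALID_SCRIPT_NAME.match(requested_script(path_info)) is not None


def contains_raw_markup(page: str) -> bool:
    """Crude check used here to show the difference: is an unescaped tag present?"""
    return "<script>" in page or "<plaintext>" in page
```

Escaping fixes the reflection; the allowlist rejects the request before any output is built, which is the better place to stop it.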