Complete.Org: Mailing Lists: Archives: freeciv-dev: May 2002:
[Freeciv-Dev] [Metaserver] scripting security hole (PR#1424)

To: freeciv-dev@xxxxxxxxxxx
Cc: bugs@xxxxxxxxxxxxxxxxxxx
Subject: [Freeciv-Dev] [Metaserver] scripting security hole (PR#1424)
From: schnetter@xxxxxxx
Date: Wed, 1 May 2002 08:59:27 -0700 (PDT)

Full_Name: Stefan Schnetter
Version: 
Distribution: Don't know
Client: Both (or N/A)
OS: 
Submission from: (NULL) (217.82.56.232)


Today I tried to execute a JavaScript exploit for Mozilla >0.9.7 (closed in the
newest CVS version, Bugzilla ID 141061) and Netscape >6.1 on the Metaserver page.

Exploit description:
http://sec.greymagic.com/adv/gm001-ns/
Heise.de (German):
http://www.heise.de/newsticker/data/ju-30.04.02-000/

I have modified and split (Metainfo is limited to 68 characters) the script
and tested it locally (maybe this script works only locally).

<script>var A=XMLHttpRequest();var B="/etc/passwd";</script>
<script>A.open("GET",B,false);A.send(null);</script>
<script>alert(A.responseText);</script>

On the Metaserver it will be executed on the server and not locally! It returns
the source code of a 404 HTML page.
So you can display e.g. /robots.txt but not the local password file of your PC
(as I thought) or the password file of the server. ;)

I only want to tell you that it is DANGEROUS if it is possible to execute one's
own scripts. Maybe it is possible to load external scripts or do even more
dangerous things (crack the server with exploits).
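
Added example, not part of the original message and not Freeciv metaserver code: it renders the three reported metainfo strings into a server-list table with and without HTML output encoding, then parses both pages to count live script elements. It shows that the 68-character limit does not stop a payload split across entries, while encoding does. The table layout, host names and all function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

METAINFO_MAX = 68  # field limit quoted in the report

# Constructed input: the three metainfo strings from the report, one per entry.
REPORTED = [
    '<script>var A=XMLHttpRequest();var B="/etc/passwd";</script>',
    '<script>A.open("GET",B,false);A.send(null);</script>',
    '<script>alert(A.responseText);</script>',
]

def row_raw(host, metainfo):
    # Assumed vulnerable pattern: the field is pasted into the page unchanged.
    return "<tr><td>%s</td><td>%s</td></tr>" % (host, metainfo[:METAINFO_MAX])

def row_escaped(host, metainfo):
    # Encode each untrusted field for the HTML context it is written into.
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        html.escape(host), html.escape(metainfo[:METAINFO_MAX]))

def render(entries, row_fn):
    return "<table>\n%s\n</table>" % "\n".join(row_fn(h, m) for h, m in entries)

class ScriptCounter(HTMLParser):
    """Counts <script> elements and collects the text shown outside them."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts, self.text, self._in_script = 0, [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
            self._in_script = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if not self._in_script and data.strip():
            self.text.append(data)

def inspect(page):
    """Return (number of script elements, list of visible text chunks)."""
    parser = ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.scripts, parser.text

# Hypothetical host names; each entry stays under the length limit.
ENTRIES = [("game%d.example" % i, m) for i, m in enumerate(REPORTED)]
```

Calling `inspect(render(ENTRIES, row_raw))` and `inspect(render(ENTRIES, row_escaped))` gives the script count and visible text for each rendering.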


