[Freeciv-Dev] Re: [Metaserver] scripting security hole (PR#1424)
This is causing the browser to make a request for the file, so you will
only be able to force it to grab files it can already grab.
The metaserver shouldn't allow tags, but this isn't a security problem.
On Wed, May 01, 2002 at 08:59:27AM -0700, schnetter@xxxxxxx wrote:
> Full_Name: Stefan Schnetter
> Version:
> Distribution: Don't know
> Client: Both (or N/A)
> OS:
> Submission from: (NULL) (217.82.56.232)
>
>
> Today I have tried to execute a JavaScript Mozilla >0.9.7 (closed in the newest
> CVS version, Bugzilla-ID 141061) and Netscape >6.1 exploit at the Metaserver page.
>
> Exploit description:
> http://sec.greymagic.com/adv/gm001-ns/
> Heise.de (german):
> http://www.heise.de/newsticker/data/ju-30.04.02-000/
>
> I have modified and split (Metainfo is limited to 68 characters) the script
> and tested it locally (maybe this script works only locally).
>
> <script>var A=XMLHttpRequest();var B="/etc/passwd";</script>
> <script>A.open("GET",B,false);A.send(null);</script>
> <script>alert(A.responseText);</script>
>
> On the Metaserver it will be executed on the server and not locally! It returns
> the source code of a 404 HTML page.
> So you can display e.g. /robots.txt but not the local password file of your PC
> (as I thought) or the password file of the Server. ;)
>
> I only want to tell you that it is DANGEROUS if it is possible to execute your own
> scripts. Maybe it is possible to load external scripts or even more dangerous
> things (crack the server with exploits).
>
--
Paul Zastoupil
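One way to render the metainfo field so that submitted tags come out as inert text, as an added Python example that is not the Freeciv metaserver's own code: the 68-character limit is taken from the report above, while the row layout, function names, server address and sample submissions are constructed for illustration.

```python
import html
import re

# The report states metainfo is limited to 68 characters; enforce that
# limit here before rendering so oversized input cannot slip through.
METAINFO_MAX = 68

# Constructed sample batch: the three fragments quoted in the report plus
# one harmless entry, each as a separate metainfo submission.
SAMPLE_SUBMISSIONS = [
    '<script>var A=XMLHttpRequest();var B="/etc/passwd";</script>',
    '<script>A.open("GET",B,false);A.send(null);</script>',
    '<script>alert(A.responseText);</script>',
    'Friendly game, no cheating please',
]

# Heuristic: a '<' followed directly by an optional '/' and a letter or '!'
# is how browsers start parsing a tag. Used only to flag submissions for
# logging; escaping below is the actual control.
TAG_RE = re.compile(r'</?[a-zA-Z!]')


def contains_markup(metainfo: str) -> bool:
    """Detection helper: True if the submission looks like it carries a tag."""
    return TAG_RE.search(metainfo) is not None


def sanitize_metainfo(metainfo: str) -> str:
    """Clip to the protocol limit and escape for an HTML text node.
    After escaping, '<script>' is displayed literally and never parsed."""
    clipped = metainfo[:METAINFO_MAX]
    return html.escape(clipped, quote=True)


def render_row(server: str, metainfo: str) -> str:
    """Render one listing row. Both fields arrive from untrusted game
    servers, so both are escaped; quote=True also covers the attribute."""
    safe_server = html.escape(server, quote=True)
    safe_info = sanitize_metainfo(metainfo)
    return (f'<tr><td title="{safe_server}">{safe_server}</td>'
            f'<td>{safe_info}</td></tr>')


def audit(submissions):
    """Return (rendered_rows, indexes_flagged_as_markup) for a batch."""
    rows = [render_row("example.invalid:5555", s) for s in submissions]
    flagged = [i for i, s in enumerate(submissions) if contains_markup(s)]
    return rows, flagged


if __name__ == "__main__":
    rows, flagged = audit(SAMPLE_SUBMISSIONS)
    for row in rows:
        print(row)
    print("flagged submissions:", flagged)
```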