OWASP WebScarab URL Error Message Cross-Site Scripting Vulnerability

Vulnerability ID: 1194020    Vulnerability type: Cross-site scripting
Published: 2006-07-19    Updated: 2007-05-07
CVE ID: CVE-2006-3841    CNNVD-ID: CNNVD-200607-410
Platform: N/A    CVSS score: 2.6
|Vulnerability Source
https://www.securityfocus.com/bid/19063
https://cxsecurity.com/issue/WLB-2006070113
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-410
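|Vulnerability Details
Versions of WebScarab before 20060718-1904 contain a cross-site scripting (XSS) vulnerability. When WebScarab is used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, a remote attacker can inject arbitrary web script or HTML through the URL, which WebScarab returns unsanitized in its error message when it cannot access that URL.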
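The flaw described above, shown as an added Java example that is not WebScarab's own code: a proxy error page that echoes the requested URL as-is, beside a version that HTML-escapes it first. The class and method names are hypothetical, the `<pre>` wrapper is an assumption based on the closing `</pre>` in the advisory's test URL, and the error reason string is constructed.

```java
// Added illustration; not WebScarab source. Class and method names are hypothetical.
public class ProxyErrorPage {

    // Vulnerable pattern: the requested URL is copied into the HTML body as-is,
    // so markup inside the URL becomes part of the page the browser renders.
    static String unsafeErrorPage(String requestedUrl, String reason) {
        return "<html><body><h1>Proxy error</h1><pre>Could not fetch "
                + requestedUrl + ": " + reason + "</pre></body></html>";
    }

    // Hardened pattern: every untrusted value is HTML-escaped before output.
    static String safeErrorPage(String requestedUrl, String reason) {
        return "<html><body><h1>Proxy error</h1><pre>Could not fetch "
                + escapeHtml(requestedUrl) + ": " + escapeHtml(reason)
                + "</pre></body></html>";
    }

    // Escapes the five characters that can change the HTML parsing context.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Test URL as given in the advisory; the reason string is constructed.
        String url = "http://arbitrary.domain/</pre><script>alert(0);</script>";
        String reason = "java.net.UnknownHostException: arbitrary.domain";

        System.out.println(unsafeErrorPage(url, reason));
        String safe = safeErrorPage(url, reason);
        System.out.println(safe);

        // Regression check: no raw tag from the URL may survive in the safe page.
        if (safe.contains("<script>") || safe.contains("</pre><")) {
            throw new AssertionError("untrusted URL reached the page unescaped");
        }
    }
}
```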
|Vulnerability Exploit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SA0012

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++          WebScarab Cross Site Scripting           +++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

PUBLISHED ON
  Jul 18, 2006

PUBLISHED AT
  http://moritz-naumann.com/adv/0012/webscarabxss/0012.txt
  http://moritz-naumann.com/adv/0012/webscarabxss/0012.txt.gpg

PUBLISHED BY
  Moritz Naumann IT Consulting & Services
  Hamburg, Germany
  http://moritz-naumann.com/

SECURITY at MORITZ hyphon NAUMANN d0t COM
  GPG key: http://moritz-naumann.com/keys/0x277F060C.asc

AFFECTED APPLICATION OR SERVICE
  WebScarab
  http://www.owasp.org/index.php/OWASP_WebScarab_Project
  http://sourceforge.net/projects/owasp/

WebScarab is a Free Software for manual and semi-automatic
  web application penetration testing. It is developed in
  Java by Rogan Dawes as part of the Open Web Application
  Security Project (OWASP).

AFFECTED VERSIONS
  Version 20060621-0003 and below

ISSUES
  WebScarab is subject to a client side script code injection
  vulnerability which may allow for running cross site
  scripting attacks against web clients connecting through it.

+++++ 1. Cross Site Scripting vulnerability in error
           messages

By accessing the following URI using a web browser which is
  prone to this issue and configured to proxy through a
  vulnerable version of WebScarab, a non-persistent web script
  injection can be achieved:

http://arbitrary.domain/</pre><script>alert(0);</script>

This allows for disclosure of sensitive data stored in the
  security context of any arbitrary domain which the web browser
  has previously accessed but WebScarab is not able to access
  by the time the attack takes place (due to invalid upstream
  proxy setting on WebScarab, different results of DNS queries,
  limited connectivity or other reasons).

Ms Internet Explorer 6 SP2 and Konqueror 3.5.3 are known to
  be prone to this issue. This problem is caused by insufficient
  sanitation of user supplied input before it is returned to
  the client as part of an error message.

BACKGROUND
  Cross Site Scripting (XSS):
  Cross Site Scripting, also known as XSS or CSS, describes
  the injection of malicious content into output produced
  by a web application. A common attack vector is the
  inclusion of arbitrary client side script code into the
  applications' output. Failure to completely sanitize user
  input from malicious content can cause a web application
  to be vulnerable to Cross Site Scripting.

http://en.wikipedia.org/wiki/XSS
  http://www.cgisecurity.net/articles/xss-faq.shtml

WORKAROUNDS
  Client: Disable Javascript.
  Server: None known.

SOLUTIONS
  Rogan Dawes has released version 20060718-1904 today.
  This version fixes this issue. The updated package is
  available at

http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61823

TIMELINE
  Jul 18, 2006: Discovery, code maintainer notification
  Jul 18, 2006: Code maintainer provides fix
  Jul 18, 2006: Public advisory

REFERENCES
  N/A

ADDITIONAL CREDIT
  N/A

LICENSE
  Creative Commons Attribution-ShareAlike License Germany
  http://creativecommons.org/licenses/by-sa/2.0/de/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEvVpon6GkvSd/BgwRArImAJ4wq5+KO9B8Lt/QT7gaCc+zDhAH0QCfe0pY
8lOADqs+qmKzqw0cgeb3HWU=
=32H+
-----END PGP SIGNATURE-----
|Affected Products
OWASP WebScarab 2006.7.18 1904
OWASP WebScarab 2006.6.21 0003
|References

Source: BUGTRAQ
Name: 20060718 WebScarab <= 20060621-0003 cross site scripting
Link: http://www.securityfocus.com/archive/1/archive/1/440441/100/0/threaded
Source: SECUNIA
Name: 21114
Link: http://secunia.com/advisories/21114
Source: MISC
Link: http://moritz-naumann.com/adv/0012/webscarabxss/0012.txt
Source: XF
Name: webscarab-uri-xss(27797)
Link: http://xforce.iss.net/xforce/xfdb/27797
Source: BID
Name: 19063
Link: http://www.securityfocus.com/bid/19063
Source: VUPEN
Name: ADV-2006-2878
Link: http://www.frsirt.com/english/advisories/2006/2878
Source: SREASON
Name: 1276
Link: http://securityreason.com/securityalert/1276
Source: FULLDISC
Name: 20060718 WebScarab <= 20060621-0003 cross site scripting
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047995.html