Re: [WebDNA] PCI Vulnerability testing
This WebDNA talk-list message is from 2009
It keeps the original formatting.
numero = 102395
I have no idea about a server level fix. This goes to never trusting user
input. I thought it should always be surrounded by [raw] and [url] to
prevent this.

What do others do?

Bill

On Mon, Apr 13, 2009 at 2:08 PM, Bob Minor wrote:
> What are people doing for the following type of attacks?
>
> http://www.example.com/shoppingcart.tpl?cart="">
> I assume you could just do a [removehtml][cart][/removehtml]
>
> I know you can do something like that at the code level but is there
> something that can be done at the server level or does the new version
> cicadae have built in protections?
>
> More info on the attack
>
>>
>> http://www.example.com/?var=
>> This will exploit the reflected cross site scripting vulnerability shown
>> before, executing the javascript code stored on the attacker's web server as
>> if it was originating from the victim web site, www.example.com.
>> A complete test will include instantiating a variable with several attack
>> vectors (Check Fuzz vectors appendix and Encoded injection appendix).
>> Finally, analyzing answers can get complex. A simple way to do this is to
>> use code that pops up a dialog, as in our example. This typically indicates
>> that an attacker could execute arbitrary JavaScript of his choice in the
>> visitors' browsers.
>
William DeVaul
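
An added example, not part of the original thread and not WebDNA code: a Python model of the options discussed above (stripping tags versus encoding for the output context) applied to a reflected cart parameter. The template line, the function names and the sample inputs are assumptions made for illustration; strip_tags is a generic stand-in and does not reproduce how [removehtml] is implemented.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import quote

def strip_tags(value):
    # Generic tag stripper; a stand-in, not WebDNA's [removehtml] implementation.
    return re.sub(r"<[^>]*>", "", value)

def for_html_text(value):
    # Safe between tags (<p>HERE</p>); leaves quote characters alone.
    return html.escape(value, quote=False)

def for_html_attr(value):
    # Safe inside a quoted attribute (value="HERE"); also escapes " and '.
    return html.escape(value, quote=True)

def for_url_param(value):
    # Safe as a query-string value (?cart=HERE); percent-encodes reserved characters.
    return quote(value, safe="")

def render_cart_field(cart, encoder):
    # Hypothetical template line that reflects the cart parameter into an attribute.
    return '<input type="hidden" name="cart" value="%s">' % encoder(cart)

class _Probe(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags, self.text = [], ""
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))
    def handle_data(self, data):
        self.text += data

def reflected_as_data(cart, encoder):
    # Parse the markup back: the input must reappear as the value attribute only.
    probe = _Probe()
    probe.feed(render_cart_field(cart, encoder))
    probe.close()
    attrs = probe.tags[0][1] if len(probe.tags) == 1 else {}
    return probe.text == "" and set(attrs) == {"type", "name", "value"} and attrs["value"] == cart

# Constructed, inert inputs: one carries tags, one only a quote and an attribute.
TAG_INPUT = '12345"><b>x</b>'
QUOTE_INPUT = '12345" data-injected="1'

if __name__ == "__main__":
    for enc in (strip_tags, for_html_text, for_html_attr):
        print(enc.__name__, [reflected_as_data(c, enc) for c in (TAG_INPUT, QUOTE_INPUT)])
```

Only the attribute-context encoder returns both inputs intact as data; tag stripping and text-context escaping both leave the double quote in place, so the value ends early and the rest is parsed as markup.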