[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability

To: "Michal Majchrowicz" <m.majchrowicz@xxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability
From: "Guasconi Vincent" <tyoptyop@xxxxxxxxx>
Date: Tue, 24 Apr 2007 11:24:44 +0200

On 4/24/07, Michal Majchrowicz <m.majchrowicz@xxxxxxxxx> wrote:
> Hi.
> I think now we can classify this as flaw in Apache. It accepts
> requests that simply make no sense. Take a look at this example:
> <script>alert(document.cookie);</script> /test.php
> <script>alert(document.cookie);</script>
> In some circumstances it may cause XSS vulnerability:
> <?php
>         echo $_SERVER['REQUEST_METHOD'];
>         echo $_SERVER['SERVER_PROTOCOL'];
> ?>
> I am now investigating other possible attacks.
> Regards Michal Majchrowicz.

<?php
        echo htmlentities($_SERVER['REQUEST_METHOD']);
        echo htmlentities($_SERVER['SERVER_PROTOCOL']);
?>

Sorry but,
where's the hole? (^-^)

(OK Apache shouldn't, but you too.)

-- 
Guasconi Vincent
Etudiant.
http://altmylife.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability
  - From: Michal Majchrowicz

Prev by Date: Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability
Next by Date: Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability
Previous by thread: Re: [Full-disclosure] Apache Illegal Request Handling Possible XSS Vulnerability
Next by thread: [Full-disclosure] Linksys SPA941 remote DOS with \377 character
Index(es):
- Date
- Thread