savannah-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers] Re: [ViewCVS-dev] Re: Cross-Site Scripting of CVS syt

From: office
Subject: [Savannah-hackers] Re: [ViewCVS-dev] Re: Cross-Site Scripting of CVS sytem
Date: Wed, 27 Mar 2002 19:17:18 +0900 
Hi,

On Tue, 26 Mar 2002 23:18:57 +0100
"Lucas Bruand" <address@hidden> wrote:

> As far as I can tell, this is javascript; What can you hurt except yourself
> ?

!!

Do you have EVER read bugtraq? 
Or do you have ever read about cross-site scripting?

O.K. Watch this URL
http://www.cert.org/advisories/CA-2000-02.html
If you cannot understand this, I will stop to think you are a hacker.

Hey, can any person help Lucas Bruand? > address@hidden, address@hidden

--
office
http://www.offic.ac/

> Same sort of stuff:
> Under UNIX, once you have root access, you can destroy everything in the VFS
> if you happen to use the security issue:
> cat `rm -rf /*`
> Notice the inverted quotes...
> 
> > -----Message d'origine-----
> > De : address@hidden [mailto:address@hidden la
> > part de office
> > Envoye : mardi 26 mars 2002 11:00
> > A : Greg Stein
> > Cc : address@hidden; address@hidden; address@hidden
> > Objet : [ViewCVS-dev] Re: Cross-Site Scripting of CVS sytem
> >
> >
> > Hi,
> >
> > I found another CSS point in CVSview,
> >
> > if you access to the URL
> > http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?so
> > rtby=rev"><script>alert("hello")</script>
> > or
> > http://subversions.gnu.org/cgi-bin/viewcvs/cvs-utils/CVSROOT/?sort
> > by=rev"><script>alert("hello")</script>
> > the script may run.
> >
> > I think that not only Internet Exploer but Netscape Navigator are affected
> > by this new CSS point.
> >
> > I hope you hurry up to fix this. Otherwise I have to report this
> > to Bugtraq without fix.
> >
> > Regards,
> > --
> > office
> > address@hidden
> > http://www.office.ac/
> >
> >
> > On Wed, 13 Mar 2002 03:44:39 -0800
> > Greg Stein <address@hidden> wrote:
> >
> > > On Wed, Mar 13, 2002 at 01:52:44PM +0900, office wrote:
> > > > My name is 'office', an Internet user.
> > > >
> > > > I have found the vulnerability of cross-site scripting of CVS sytem,
> > > > so report it.
> > > >
> > > > I wrote the report to Greg Stein, but I only received a mail auto
> > > > replied.
> > >
> > > That's me. You just ran into my auto-responder :-)
> > >
> > > > And I found your address as the vulnerablity may be on ViewCVS
> > > > system.
> > >
> > > Sure seems that way :-(
> > >
> > > > If you access to the URL including script code, like as
> > > >
> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>aler
> t("hello")</script>
> >
> > Hmm. That didn't do anything on my Mozilla client. I just got a text page
> > saying that the cvs root didn't exist. What client are you using? What
> > version of ViewCVS were you testing?
> >
> > >...
> > > This vulnerability in the system in CVS and your reaction for this
> report will
> > > be published by me, adequately.
> >
> > Can modifying the URL actually be used to attack *another* person? If a
> > person types in a malicious URL, then it would seem to affect just
> > themselves. But if a person can type in something and attack *another*
> > person, then this takes on a completely different meaning...
> >
> > Cheers,
> > -g
> >
> > --
> > Greg Stein, http://www.lyra.org/
> 
> _______________________________________________
> viewcvs-dev mailing list
> address@hidden
> http://mailman.lyra.org/mailman/listinfo/viewcvs-dev
reply via email to
[Prev in Thread] Current Thread [Next in Thread]