ArbitroWeb v0.6 Javascript injection vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ArbitroWeb v0.6 Javascript injection vulnerability
From: Josh Gilmour <joshg@xxxxxxxxxxxx>
Date: 22 Jun 2004 16:50:26 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


vendor: ArbitroWeb
about: An anonymous web surfing proxy written in PHP. ArbitroWeb will redirect 
all web requests thru it's set of scripts, all URL's contained will be 
adjusted/mangled to it's own scripts.
date: june 22nd, 2004
vendor status: ?
problem: javascript can be injected into the /?rawURL= field...

ex: www.server.com/?rawURL=&lt;script&gt;javascript:alert();&lt;/script&gt;
popups up a javascript alert...

could be hazardous.... example (alert pops up 100 times):
www.server.com/?rawURL=&lt;script&gt;javascript:for(var i = 0; i < 100; i++) 
alert();&lt;/script&gt;

it filters out the character " by making it \" so having it do various things 
that you can usually do with javascript injection is a problem... yet this 
should be fixed nonetheless, and its a possibility the character " has a 
workaround...

thanks to wehack.com, as i was looking thrugh their site at advisories and came 
upon this product....

Thanks,
Josh Gilmour
joshg <at> conqwest <dot> com

Prev by Date: SGI Advanced Linux Environment 3 Security Update #4
Next by Date: [CLA-2004:845] Conectiva Security Announcement - kernel
Previous by thread: SGI Advanced Linux Environment 3 Security Update #4
Next by thread: [CLA-2004:845] Conectiva Security Announcement - kernel
Index(es):
- Date
- Thread