Re: [WebDNA] Security Problem

This WebDNA talk-list message is from 2015.


Some further reading: http://www.veracode.com/security/csrf


The proposed WebDNA session id would help to combat this small but viable security risk.


Kind regards

Stuart Tremain
IDFK Web Developments
AUSTRALIA





> On 15 Jun 2015, at 10:58, Stuart Tremain <webdna@idfk.com.au> wrote:
>
> I just came across this on Firefox (must be Firefox) on a client's website
>
> http://yourdomain.com/?test="</script><img src=x onerror=alert(document.cookie)>
>
> This can be a problem in that an attacker can redirect cookies to his own website to hijack the account of a victim by sending the affected link.
>
> I know that it is very remote but it is a known vulnerability.
>
> Kind regards
>
> Stuart Tremain
> IDFK Web Developments
> AUSTRALIA
>
> ---------------------------------------------------------
> This message is sent to you because you are subscribed to the mailing list. To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us
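The payload quoted above is a reflected cross-site scripting string aimed at a query value that ends up inside an inline script. The following Node.js snippet is an added example, not code from the WebDNA list, from IDFK or from WebDNA itself: it renders that payload through a vulnerable inline-script template and through a hardened one, counts the `</script` sequences to show why the breakout works, and builds an HttpOnly session cookie as defence in depth for the cookie-theft half of the report. The template shape, the function names and the cookie name are assumptions made for this illustration.

```javascript
// Added example (not from the WebDNA list or the IDFK site): the reflected
// XSS payload from the message above, rendered through a vulnerable inline
// script template and through a hardened one. Template shape, function
// names and the cookie name are assumptions made for this illustration.

// Constructed input: the query-string value from the message.
const PAYLOAD = '"</script><img src=x onerror=alert(document.cookie)>';

// Vulnerable pattern: the raw query value is concatenated into an inline
// <script>. The HTML tokenizer ends the script element at the first
// "</script" it sees, whatever the JavaScript quoting around it, so the
// payload closes the script and the <img onerror=...> runs as markup.
function renderVulnerable(test) {
  return '<!doctype html><html><body>\n' +
    '<script>var test = "' + test + '";</script>\n' +
    '</body></html>';
}

// Hardened pattern: emit the value as a JSON string literal and hex-escape
// the characters that matter to the HTML parser (< > &) plus the two
// line terminators that are legal in JSON but not in pre-ES2019 JS strings.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderHardened(test) {
  return '<!doctype html><html><body>\n' +
    '<script>var test = ' + jsStringLiteral(test) + ';</script>\n' +
    '</body></html>';
}

// Check: how many "</script" sequences the page contains. The template
// itself contributes exactly one; any extra one was injected by input.
function scriptCloserCount(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Defence in depth for the cookie-theft half of the report: a session cookie
// flagged HttpOnly is not readable via document.cookie, so even a successful
// injection cannot exfiltrate it this way. Name and value are restricted to
// the token characters a session id would use, so no attribute injection.
function sessionCookieHeader(name, value) {
  if (!/^[A-Za-z0-9_-]+$/.test(name) || !/^[A-Za-z0-9_.-]+$/.test(value)) {
    throw new TypeError('cookie name or value contains non-token characters');
  }
  return `${name}=${value}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Stand-alone demo output.
console.log('vulnerable </script count:', scriptCloserCount(renderVulnerable(PAYLOAD)));
console.log('hardened   </script count:', scriptCloserCount(renderHardened(PAYLOAD)));
console.log(renderHardened(PAYLOAD));
console.log(sessionCookieHeader('sid', 'c0ffee1234'));
```

The vulnerable render contains two `</script` sequences (one from the template, one from the parameter), the hardened render only one, and `JSON.parse` of the escaped literal returns the original string, so the value is preserved for the page's own script while the HTML parser never sees a tag.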

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Security Problem (Tom Duke 2015)
  2. Re: [WebDNA] Security Problem (Stuart Tremain 2015)
  3. [WebDNA] Security Problem (Stuart Tremain 2015)
