full-disclosure-uk January 2010 archive

Re: [Full-disclosure] XSS vulnerabilities via errors at requests to DB

From: MustLive <mustlive_at_nospam>
Date: Wed Jan 06 2010 - 00:54:53 GMT
To: "Michal Zalewski" <lcamtuf@coredump.cx>


Hello Michal!

First of all, Happy New Year.

And thank you for paying attention to my small article about my research.

> Thank you for this excellent research!

You are welcome.

In this case I was talking not about something new for the security community (security professionals have had to deal with XSS via SQL errors many times), but about the most common places of XSS holes, such as XSS in search engines (local and global), XSS at 404 error pages and XSS via errors at requests to the DB (in the last article). As I already wrote to Michele (http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072123.html), with my research and articles, and also during live talks with web developers, I'm trying to inform them about the risks of XSS holes in the common places of XSS.

> Given your contributions in this area, I was hoping you could offer me
> some advice:

I see you have a sense of humor. But I will give you the advice you asked me for: irony is not the best type of humor, so next time try another type of humor ;-). Because Google, with no doubt, has a sense of humor (http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072111.html). As I said before, in this article I wrote not about new classes of XSS holes or attacks, but about the most common places of XSS. I.e. I'm showing examples of bad practices to force web developers to make more secure web sites.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message -----
From: "Michal Zalewski" <lcamtuf@coredump.cx>
To: "MustLive" <mustlive@websecurity.com.ua>
Cc: <full-disclosure@lists.grok.org.uk>
Sent: Saturday, December 19, 2009 9:19 PM
Subject: Re: [Full-disclosure] XSS vulnerabilities via errors at requests to DB

> Dear MustLive,
>
>> Earlier I already wrote about XSS vulnerabilities at 404 pages
>> (http://lists.grok.org.uk/pipermail/full-disclosure/2009-November/071664.html).
>> And already in 2008 I planned to tell about one interesting and
>> widespread vector of XSS attacks - attacks via errors at requests
>> to the DB.
>
> Thank you for this excellent research!
>
> Given your contributions in this area, I was hoping you could offer me
> some advice: I recently stumbled upon an XSS flaw on a page with
> vaguely turquoise background. I am not sure whether to classify this
> as a separate class of a web vulnerability, or merely a novel
> extension of well-established XSS attacks against sky blue targets?
>
> Sincerely,
> /mz
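The "XSS via errors at requests to DB" pattern MustLive refers to above is the old habit of echoing the failed query and the raw database error into the error page. The following is an added example, not code from either poster or from any site they discuss: a constructed in-memory SQLite table, a constructed attacker payload, and two hypothetical handler functions (vulnerable_lookup and hardened_lookup) that stand in for a real request handler.

```python
import html
import sqlite3


def _connect():
    """Constructed sample data: an in-memory table standing in for the
    application's real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [(1, "Widget"), (2, "Gadget")])
    return conn


# Constructed attacker input: the unbalanced quote makes the concatenated
# SQL fail, and the rest is the script the victim's browser should run.
PAYLOAD = "'\"><script>alert(document.cookie)</script>"


def vulnerable_lookup(raw_id):
    """Bad practice the thread is about: the request parameter is
    concatenated into the query, and when the DB rejects it the failed
    query and the DB's own error text are written into the HTML
    unescaped, so the attacker's string reaches the browser verbatim."""
    conn = _connect()
    sql = "SELECT name FROM items WHERE id = " + raw_id
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return ("<h1>Database error</h1>"
                f"<p>Query: {sql}</p>"
                f"<p>Error: {exc}</p>")
    if row is None:
        return f"<p>No item with id {raw_id}</p>"
    return f"<p>Item: {row[0]}</p>"


def hardened_lookup(raw_id, log=None):
    """Hardened version: a parameterised query (so the DB never sees the
    input as SQL), a generic error page for the client, the real DB
    error kept server-side in `log`, and HTML-escaping of anything
    from the request or the database that is reflected into the page."""
    conn = _connect()
    try:
        row = conn.execute("SELECT name FROM items WHERE id = ?",
                           (raw_id,)).fetchone()
    except sqlite3.Error as exc:
        if log is not None:
            log.append(f"db error for id={raw_id!r}: {exc}")
        return "<h1>Database error</h1><p>Please try again later.</p>"
    if row is None:
        return f"<p>No item with id {html.escape(raw_id)}</p>"
    return f"<p>Item: {html.escape(row[0])}</p>"


if __name__ == "__main__":
    print(vulnerable_lookup(PAYLOAD))   # script tag comes back unescaped
    print(hardened_lookup(PAYLOAD))     # script tag comes back as &lt;script&gt;
```

The fix has two independent halves, and both matter: parameterising the query stops the input from producing a DB error in the first place, and escaping plus a generic error page make sure that even an unexpected failure cannot carry request data back into the response.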



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/