Tuesday, December 25, 2007

Cross site scripting in year 2007 (Blog by Hasegawa Yosuke)

Hasegawa Yosuke wrote about cross-site scripting in 2007.
ripjyr translated this post into English.
The original post is http://d.hatena.ne.jp/hasegawayosuke/20071226/p1 (Japanese).
-----
I wrote about the XSS (cross-site scripting) vulnerabilities I found in 2007.
Someone wrote somewhere, "hasegawa quit writing his blog :-)".
I didn't quit writing the blog, but I had nothing to write about.....
So I forced myself to look back at XSS in 2007 :-)

Below are the XSS vulnerabilities I found on well-known sites.


  • XSS in National Institute of Advanced Industrial Science and Technology (AIST)
    • UTF-7 XSS was possible because no charset was set on the 404 response page.
      Session cookies could be stolen if the user was already logged in.
      Reported: 2007/04/16
      Fixed: 2007/05/16
  • XSS in sourceforge.jp
    • UTF-7 XSS was possible because no charset was set on the 404 response page.
      Session cookies could be stolen if the user was already logged in.
      Reported: 2007/04/16
      Fixed: 2007/05/16
  • XSS in IBM search page
    • UTF-7 XSS was possible because the HTML character encoding could be set to MS932 by specifying "&cs=MS932" in the query on the IBM search page.
      Reported: 2007/04/19
      Fixed: 2007/08/30
  • XSS in Mizuho Bank
    • UTF-7 XSS was possible because the HTML character encoding could be set to jis by specifying "&oe=jis" in the query on the Mizuho Bank search page.
      Reported: 2007/04/26
      Fixed: 2007/12/25
  • XSS in F5 Networks search page
    • XSS was possible on the F5 Networks search page.
      A query like the one below triggered it.
      http://www.f5networks.co.jp/cgi-bin/search/search.pl?query=abcd%22onload=%22alert(document.location)%22%20
      Reported: 2007/07/31
      Fixed: 2007/10/29
  • XSS in Oracle search page
    • "%22" was not escaped, so XSS was possible on the search page at oracle.co.jp.
      Reported: 2007/08/28
      Fixed: 2007/09/21
  • XSS in METI (Ministry of Economy, Trade and Industry)
    • UTF-7 XSS was possible because no charset was set on www.meti.go.jp pages.
      Reported: 2007/10/10
      Fixed: 2007/12/05
  • XSS in MIAU (Movements for Internet Active Users)
    • XSS was possible on the MIAU mail magazine subscription page. A query like the one below triggered it.
      http://miau.jp/miaumailmagsubmit.phtml?miaumgreg=test%40example.com%22%20style=%22xss%3aexpression(alert(1))&userevent=mag-reg
      Reported: 2007/10/24
      Fixed: 2007/10/31
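Two defects recur in the list above: responses that leave the character encoding undeclared (so a browser may fall back to UTF-7) and query values reflected into an HTML attribute without escaping. The following is an added example, not code from the original post or from any of the sites named; the sample responses and queries are constructed here to show the check a site owner could run and the fix for each defect.

```python
"""Checks for the two recurring defects above: an undeclared charset
(UTF-7 fallback risk) and an unescaped value reflected into an attribute.
All sample data below is constructed for illustration."""
import html
import re

# Constructed sample: a 404 page with no charset anywhere, as in the
# AIST and sourceforge.jp reports above.
UNDECLARED_404 = {
    "status": 404,
    "headers": {"Content-Type": "text/html"},
    "body": b"<html><head><title>Not Found</title></head>"
            b"<body>Not Found</body></html>",
}

# Constructed sample: the same page with the encoding declared in the header.
DECLARED_404 = {
    "status": 404,
    "headers": {"Content-Type": "text/html; charset=UTF-8"},
    "body": UNDECLARED_404["body"],
}

# Constructed sample: no header charset, but a <meta> declaration in the body.
META_404 = {
    "status": 404,
    "headers": {"Content-Type": "text/html"},
    "body": b'<html><head><meta http-equiv="Content-Type" '
            b'content="text/html; charset=Shift_JIS"></head><body>x</body></html>',
}

HEADER_CHARSET_RE = re.compile(r"charset\s*=\s*[\"']?([\w-]+)", re.IGNORECASE)
META_CHARSET_RE = re.compile(rb"<meta[^>]+charset\s*=\s*[\"']?([\w-]+)", re.IGNORECASE)


def declared_charset(response):
    """Return the charset a browser is told to use, or None if the response
    leaves it undeclared.  The Content-Type header wins; a <meta> tag in the
    body is the fallback.  None is the finding: the browser is free to sniff."""
    ctype = response["headers"].get("Content-Type", "")
    m = HEADER_CHARSET_RE.search(ctype)
    if m:
        return m.group(1)
    m = META_CHARSET_RE.search(response["body"])
    if m:
        return m.group(1).decode("ascii")
    return None


def utf7_reinterpretation(text):
    """Show why an undeclared charset matters: 'text' is plain ASCII and is
    inert under UTF-8, but the same bytes decode to markup under UTF-7."""
    return text.encode("ascii").decode("utf-7")


def render_search_result(query, escaped=True):
    """Reflect a search query into a value attribute, as the oracle.co.jp,
    F5 and MIAU pages above did.  escaped=False reproduces the defect
    (a '"' in the query closes the attribute); escaped=True is the fix:
    html.escape with quote=True encodes '"' as &quot; and '&', '<', '>'."""
    value = html.escape(query, quote=True) if escaped else query
    return '<input type="text" name="query" value="%s">' % value


if __name__ == "__main__":
    for resp in (UNDECLARED_404, DECLARED_404, META_404):
        print(resp["headers"]["Content-Type"], "->", declared_charset(resp))
    print(utf7_reinterpretation("+ADw-b+AD4-"))
    print(render_search_result('abcd" onload="x', escaped=False))
    print(render_search_result('abcd" onload="x', escaped=True))
```

The charset check is what a site owner would run against every error page, not just the main templates: the 404 page was the weak spot in two of the reports above because it is often served by a different handler with different default headers.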
XSS that could show fake information, a considerable threat, was already easily found on co.jp (like .com) and go.jp (like .gov) sites.
So take care of yourself (who takes care, and of what :-)

Especially regarding XSS in image files, I have been in contact with IPA (Information-technology Promotion Agency, Japan) and the Microsoft contacts I knew for three years...
A considerable amount of communication was done, but every time the final answer was "by specification"....;-<
I wish the XSSed pages here and there (still not fixed) would get fixed in 2008 :-)
Then, everybody have a good holiday.
