25C3-CTF
Advisory #61
From team Ailuropoda Melanoleucas
New advisory by: Samsa
Affected service(s): cgibas
Severity [lmh]: medium
===== Problem =====
The shoutbox doesn't filter HTML characters, making it vulnerable to an XSS attack. This kind of attack can be used to steal cookies or POST data.
===== Impact =====
Requests may be forged: for instance, storing altered data.
===== Fix =====
There are a few methodologies to avoid this kind of problem; one possible solution is using a whitelist methodology. The usage is as follows:
- Whitelist creation, for example: Whitelist = ['a'..'z', 'A'..'Z', '0'..'9'];
- Input data validation:
  var whitelist = /^[a-zA-Z0-9]$/;   // matches exactly one allowed character
  for (i = 0; i < data.length; i++)
    if (!whitelist.test(data[i])) return BAD;   // any character outside the whitelist rejects the input
  return OK;
Another solution is using substitution, replacing every occurrence (not just the first) with the HTML entity:
  data = data.replace(/</g, '&lt;');
  data = data.replace(/>/g, '&gt;');
Rating
[1] would have given more points for a fix in BASIC. Well, you didn't want to have them ;-P