[Imc-bristol-tech] hidden 300088 - cross site scripting exploit
Space Bunny
lists at j12.org
Tue Oct 26 01:21:43 PDT 2004
300088 was hidden on imcuk as it contains an attempt to redirect our
viewers to another site using this 'cross site exploit' (xss)
indymedia.org.uk/en/2004/10/300088.html
It failed due to addition of encodeHTML function to templates which
protected viewer by escaping HTML.
an audit of all MIR templates is needed to check if anything similar
could slip through to any of pages, as can appear in several places.
if you want to learn more on how to help indymedia maintain it websites
pop by Internet Relay Chat irc.indymedia org #uk or #tech and offer to
help and learn, it may be a slow process of referring to docs and back
and forth q and a and just trying to do stuff, but it is worth us
skillsharing. I would rather spend time showing others who to do stuff
then do it all myself.
Further to this:
hidden by someone other then me:
http://www.indymedia.org.uk/en/2004/10/300013.html
More on xss and dadaimc see:
http://dadaimc.org/support.php?section=xss
People can help by checking out imc sites running dadaimc cms maybe
turning of flash, javascript, and trying to alert admins of sites, maybe
even votes such attempts out of newswires. I have attempted to patch
indymedia scotland.
It seems most imcs running dadaimc in US were hit.
Those that found this exploit are promising to use a sql injection
exploit, which mean they may be able to add themselves as admin user. So
one is advise to dump mysqldb and keep copy of site. As bristol
automatic scheduled tasks (cron jobs) seem not set up:
http://lists.indymedia.org/pipermail/imc-bristol-tech/2004-July/0718-e9.html
I am guess this is not happening automatically for them.
More info on mysqldump at:
http://docs.indymedia.org/view/Local/ImcScotlandMaintenance
cheers,
Space Bunny
--
--
http://j12.org/sb/
More information about the Imc-bristol-tech
mailing list