a-kr / shellinabox

Automatically exported from code.google.com/p/shellinabox

XSS vulnerability on linkifyURLs = 2 #144

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
using: http://shellinabox.googlecode.com/svn/trunk/demo/demo.html

but with linkifyURLs = 2 (instead of 1), print:

print "javascript:'@1.3.3.7/http://',alert(1);" 

it will create a link that when clicked will execute an alert.

Original issue reported on code.google.com by evn@google.com on 6 Oct 2011 at 7:18

GoogleCodeExporter commented 9 years ago
I meant:

print "javascript:'@1.3.3.7/http://',alert(1);"

Original comment by evn@google.com on 6 Oct 2011 at 7:24

GoogleCodeExporter commented 9 years ago
ugh, google code is eating my quotes.. there should be a quote after the ;

Original comment by evn@google.com on 6 Oct 2011 at 7:25

GoogleCodeExporter commented 9 years ago
Can you help with an explanation of the problem? Simply, I don't understand 
what the 'vulnerability' means.

Original comment by beewoo...@gmail.com on 31 Mar 2012 at 10:53

GoogleCodeExporter commented 9 years ago
It's called XSS. If the user is tricked into clicking such a link he would be 
executing attacker-provided JS code.

Original comment by evn@google.com on 1 Apr 2012 at 8:12

GoogleCodeExporter commented 9 years ago
How would the attacker get their code into the demo html file?

Perhaps what would be most helpful would be a patch that modifies the file or 
files that have the vulnerability and eliminates the problem.

Original comment by beewoo...@gmail.com on 1 Apr 2012 at 10:36

GoogleCodeExporter commented 9 years ago
Contributing code to this project is complicated with the license this code
has and where I work.

The attacker can get the attack in any number of ways. If shellinabox is
being used to proxy SSH then it could be sent via IRC or in an email and so
on.

Original comment by evn@google.com on 1 Apr 2012 at 5:06
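
A sketch of the kind of fix the thread asks about, as an added example that is not shellinabox's code or any participant's patch: before terminal output is turned into a link, the token is parsed as an absolute URL and linked only when its scheme is on an allowlist. The function names and the scheme list are assumptions made for this example.

```javascript
// Added example, not shellinabox code. The scheme policy below is an assumption.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'ftp:', 'mailto:']);

// String printed in the issue above, used here as test input only.
const ISSUE_INPUT = "javascript:'@1.3.3.7/http://',alert(1);";

// Return a normalized href that is safe for <a href>, or null to leave plain text.
function safeLinkHref(candidate) {
  // URL parsers strip tabs and newlines, so refuse tokens with control chars or
  // spaces rather than reason about what they normalize to.
  if (/[\u0000-\u0020\u007f]/.test(candidate)) return null;
  let url;
  try {
    url = new URL(candidate); // absolute URLs only; the parser lowercases the scheme
  } catch (e) {
    return null;
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => `&#${c.charCodeAt(0)};`);
}

// Split one line of terminal output into text and link segments.
function linkifyLine(line) {
  return line.split(/(\s+)/).filter(tok => tok !== '').map(tok => ({
    text: tok,
    href: /^\s/.test(tok) ? null : safeLinkHref(tok),
  }));
}

// Render the segments as HTML; every token is escaped, linked or not.
function renderLine(line) {
  return linkifyLine(line).map(({ text, href }) => href
    ? `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`
    : escapeHtml(text)).join('');
}

console.log(renderLine(`see http://example.com/a or ${ISSUE_INPUT}`));
```

The check keys on the parsed scheme rather than on whether the text contains `http://` somewhere, which is why the string from the report stays plain text.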