snghbrjsh / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy
0 stars 0 forks source link

XSS vulnarabilities : filter meta characters #90

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
I am running Acunetix scan on the Antisamy implemented code and it was reported 
that the script is vulnerable to XSS attacks.
It has suggested that your script should filter meta characters.
The parameter used is 
%3C/xss/*-*/style=xss:e/**/xpression(alert(40541))%3E&

Policy File used is .
antisamy-esapi.xml
//Code Snippet

String encodedVal = new URLCodec().decode(paramValue);
encodedVal = StringEscapeUtils.unescapeHtml(encodedVal);
Pattern pattern = 
Pattern.compile("<\\p{Cntrl}*\\s*(/?)\\s*\\p{Cntrl}*(\\w+)\\s*\\p{Cntrl}*>");
Matcher matcher = pattern.matcher(encodedVal);
encodedVal = matcher.replaceAll("<$1$2>");

CleanResults cr = as.scan(encodedVal, policy, AntiSamy.SAX);

What version of the product are you using? On what operating system?
antisamy1.4.1

Is there any mechanism for filtering 
%3C/xss/*-*/style=xss:e/**/xpression(alert(40541))%3E& to remove any 
vulnarabilities.

Original issue reported on code.google.com by radhakri...@gmail.com on 13 Oct 2010 at 12:13

GoogleCodeExporter commented 8 years ago
I'm afraid the tool was incorrect. The payload given won't execute without 
further self-destructive code on the client or server. AntiSamy goes to great 
lengths to allow you to use those "control" characters without subjecting you 
to XSS risk.

Original comment by arshan.d...@gmail.com on 15 Nov 2010 at 9:49