IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Suggestions Forum / Re: Dammit
Post #58,822
by deSitter
Picture of deSitter
10/23/02 12:00:34 PM
Reply
New Re: Dammit
Does this mean we can now direct-link pictures? IWE fora had that.
-drl
Post #58,823
by admin
Picture of admin
10/23/02 12:01:28 PM
Reply
New No.
There's a way to put javascript into img tags... I would need to filter for it first, and I can't remember the exact technique that was used.
Regards,

-scott anderson

"Welcome to Rivendell, Mr. Anderson..."
Post #58,886
by SpiceWare
10/23/02 2:23:38 PM
Reply
New this it?
[link|http://msgs.securepoint.com/cgi-bin/get/bugtraq0008/310.html|http://msgs.securepo...traq0008/310.html]

This comment suggests the exploit can occur in more than just the img tag
[link|http://www.security-express.com/archives/bugtraq/2000-01/0045.html|http://www.security-...2000-01/0045.html]

Darrell Spice, Jr.

[link|http://home.houston.rr.com/spiceware/|SpiceWare] - We don't do Windows, it's too much of a chore
Post #58,890
by admin
Picture of admin
10/23/02 2:46:48 PM
Reply
New That's the one.
Well, if it requires a <script> tag, then no worries. I already strip those. If it can be done just in the link src though...
Regards,

-scott anderson

"Welcome to Rivendell, Mr. Anderson..."
Post #58,895
by ChrisR
10/23/02 2:52:30 PM
Reply
New Script tags not required
<html>
<head>
<title>Hello</title>
</head>
<body>
<img src='javascript:alert("hello")'>
</body>
</html>
Post #58,902
by admin
Picture of admin
10/23/02 3:14:22 PM
Reply
New Nifty.
Well, I've got an HREF scrubber now anyway, so I guess I can add img tags too.

But, the question is, can someone put <script>whatever</script> in say 'foo.html' and then do <img src="http://myserver.com/foo.html"> and get it to run...
Regards,

-scott anderson

"Welcome to Rivendell, Mr. Anderson..."
Post #58,914
by ChrisR
10/23/02 3:47:11 PM
Reply
New Don't think that level of indirection would work
The problem seems to arise in the evaluation of the source attribute. I think once it starts loading the source, it doesn't continue the evaluation chain.
     Speaking of Signs - (Another Scott) - (35) - Oct. 23, 2002, 12:40:31 AM EDT
         Not Beep's sign, originally - (drewk) - (2) - Oct. 23, 2002, 08:22:06 AM EDT
             Yup... Jake123's and BOxley's secret love child. -NT - (CRConrad) - Oct. 23, 2002, 08:30:29 AM EDT
             Should a remembered Yaz. BP's been The Keeper though. Thnx. -NT - (Another Scott) - Oct. 23, 2002, 09:29:33 AM EDT
         I just need the image... -NT - (admin) - (31) - Oct. 23, 2002, 09:17:31 AM EDT
             Thought you had it... - (bepatient) - (30) - Oct. 23, 2002, 10:50:03 AM EDT
                 And now presenting: - (admin) - (29) - Oct. 23, 2002, 11:09:48 AM EDT
                     Did you know that.. - (bepatient) - Oct. 23, 2002, 11:06:54 AM EDT
                     About Effing time you.... - (folkert) - (1) - Oct. 23, 2002, 11:14:47 AM EDT
                         BTW, Greg... - (admin) - Oct. 23, 2002, 11:17:03 AM EDT
                     Thanks! -NT - (Another Scott) - Oct. 23, 2002, 11:14:53 AM EDT
                     Dammit - (drewk) - (11) - Oct. 23, 2002, 11:45:57 AM EDT
                         Re: Dammit - (admin) - (10) - Oct. 23, 2002, 11:57:47 AM EDT
                             Re: Dammit - (deSitter) - (6) - Oct. 23, 2002, 12:00:34 PM EDT
                                 No. - (admin) - (5) - Oct. 23, 2002, 12:01:28 PM EDT
                                     this it? - (SpiceWare) - (4) - Oct. 23, 2002, 02:23:38 PM EDT
                                         That's the one. - (admin) - (3) - Oct. 23, 2002, 02:46:48 PM EDT
                                             Script tags not required - (ChrisR) - (2) - Oct. 23, 2002, 02:52:30 PM EDT
                                                 Nifty. - (admin) - (1) - Oct. 23, 2002, 03:14:22 PM EDT
                                                     Don't think that level of indirection would work - (ChrisR) - Oct. 23, 2002, 03:47:11 PM EDT
                             Testing - (drewk) - (2) - Oct. 23, 2002, 12:11:00 PM EDT
                                 Sure... - (bepatient) - (1) - Oct. 23, 2002, 12:24:47 PM EDT
                                     Speaking of critical ... - (drewk) - Oct. 23, 2002, 01:26:44 PM EDT
                     ignore - (bepatient) - Dec. 18, 2002, 05:04:32 PM EST
                     Ok...so why doesn't this work anymore? - (bepatient) - (10) - Dec. 18, 2002, 05:04:01 PM EST
                         here - (folkert) - (9) - Dec. 18, 2002, 05:24:29 PM EST
                             Busted? - (ChrisR) - Dec. 18, 2002, 05:29:18 PM EST
                             So after 3 edits... - (bepatient) - (7) - Dec. 18, 2002, 05:31:34 PM EST
                                 You saw the edits you jerk!!! - (folkert) - (6) - Dec. 18, 2002, 05:50:19 PM EST
                                     Well I never! - (bepatient) - (5) - Dec. 18, 2002, 09:46:42 PM EST
                                         Ha <pause> Haaaa... - (folkert) - (4) - Dec. 18, 2002, 11:30:49 PM EST
                                             Well.. there are some nieces & nephews - (Ashton) - Dec. 19, 2002, 06:41:48 AM EST
                                             Are you serious? - (Arkadiy) - (2) - Dec. 27, 2002, 10:38:01 AM EST
                                                 Yep... - (folkert) - (1) - Dec. 27, 2002, 12:55:49 PM EST
                                                     Oh well - (Arkadiy) - Dec. 27, 2002, 11:07:57 PM EST
                     self closing tags - (cforde) - Jan. 19, 2004, 11:48:31 PM EST

It didn’t ruin my childhood, but it did aggressively strip-mine several shallow deposits of nostalgia.
154 ms