A severe problem with the way browsers translate the soft-hyphen (alt + 0173) character has been brought to light which malicious users could utilise alongside a multitude of injection methods as a way to gain unauthorized access and or to spoof content on websites. Both Microsoft Internet Explorer and Mozilla Firefox are affected.
d09b0df55ff9047753e2601a5303cfff7be219ab1bd6e4197197029d5cb00843
Extract:
A severe problem with the way browser's (both Microsoft Internet Explorer and Mozilla Firefox are effected) translate the soft-hyphen (alt + 0173) character has been brought to light which malicious users could utilise alongside a multitude of injection methods as a way to gain un-authorised access and or to spoof content on websites.
Editorial Comment:
A demonstration of a potential use of this attack vector has been posted on our own forums by fwaggle.
fwaggle comments in his demonstration post that "should be pretty interesting" with this vector now in the public domain.
This is a big one that seems to have been overlooked by the top names in the industry; with presumably ALL forum software which allows non-standard ASCII characters (or indeed anything other than A-Z 0-9) vulnerable to such an attack - and that is jus the tip of the iceberg. Any form on a website which allows anything other than A-Z 0-9 is now potentially a security risk - the problem is so wide ranging that how much of a security risk is completely dependant on the use of the form in context.
Whitedust suggest patching the problem with code such as:
if (preg_match("/^[a-zA-Z0-9_-]+$/", $_POST['username']) {
// sign up stuff
} else {
?>
bad chars in username!
}
Thanks again to fwaggle for the fix code.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed