[Commotion-admin] [commotion-openwrt] XSS in LuCi 404 ‘No page is registered’ error response (Misc) (#20)
areynold
notifications at github.com
Mon Sep 9 15:38:52 UTC 2013
LuCi 404 error page (No page is registered) includes the path of the request without escaping it. The 404 response is sent with a Content-Type: text/plain header and no X-Content-Type-Options: nosniff header is present. It’s possible to abuse that in browsers doing MIME sniffing (MSIE < 9) to execute arbitrary script in the context of the target application.
However, successful exploitation requires the victim to use an outdated browser, as well as to disable friendly HTTP error messages (which is a default setting), therefore the impact of this vulnerability is limited. Nevertheless, the X-Content-Type-Options: nosniff HTTP response header should be used on this endpoint.
Originally reported as WRT-01-006
https://github.com/opentechinstitute/commotion-openwrt/issues/20
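A defender-side check for the two conditions the report describes (the request path echoed back unescaped, and a text/plain 404 body served without X-Content-Type-Options: nosniff), added here as an example and not part of the report or of LuCI. The sample response, the probe path and the "No page is registered at" body text are constructed for the example, not captured from a real device.

```python
from html import escape

NOSNIFF = "nosniff"


def assess_404(status, headers, body, requested_path):
    """Classify one HTTP response against the conditions described in the report.

    headers is a plain dict of header name -> value; lookup is case-insensitive.
    requested_path should contain at least one HTML-special character, otherwise
    the raw and escaped forms are identical and escaping cannot be judged.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    media_type = hdrs.get("content-type", "").split(";")[0].strip().lower()
    xcto = hdrs.get("x-content-type-options", "").strip().lower()
    raw_echo = requested_path in body
    findings = {
        "is_404": status == 404,
        "path_reflected_raw": raw_echo,  # echoed verbatim: the page did not escape it
        "path_reflected_escaped": not raw_echo and escape(requested_path) in body,
        "text_plain": media_type == "text/plain",
        "nosniff_present": xcto == NOSNIFF,
    }
    # Whether a particular browser actually sniffs is out of scope here; this only
    # flags the server-side combination that leaves sniffing browsers unprotected.
    findings["sniffable"] = raw_echo and findings["text_plain"] and not findings["nosniff_present"]
    return findings


def with_nosniff(headers):
    """Return a copy of the headers carrying the mitigation the report recommends."""
    fixed = dict(headers)
    fixed["X-Content-Type-Options"] = NOSNIFF
    return fixed


# Constructed sample response modelled on the report (not captured from a real router).
PROBE_PATH = "/cgi-bin/luci/<probe>"
SAMPLE_404 = (
    404,
    {"Content-Type": "text/plain"},
    "No page is registered at '/cgi-bin/luci/<probe>'\n",
)

if __name__ == "__main__":
    before = assess_404(*SAMPLE_404, PROBE_PATH)
    after = assess_404(SAMPLE_404[0], with_nosniff(SAMPLE_404[1]), SAMPLE_404[2], PROBE_PATH)
    print("before fix:", before)
    print("after fix: ", after)
```

Run against a live 404 by filling the tuple from a real response; the escaped-reflection flag only means anything when the probe path contains characters such as `<` that escaping would change.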