[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Persistent XSS vulnerability in TorStatus

> Thanks for this.. you might be interested to know that co-incidentally I
> had a nasty experience with one of these sites (don't know which now)
> running this code some 4-6 months ago. 

A search (grep) in the server descriptor archive starting with
2009-01-01 didn't show anything obviously nasty in the contact field -
so if a TorStatus site contained something nasty in that time period it
probably wasn't this vulnerability.
...but TorStatus is not properly html encoding everywhere where it should.

> I had to switch jscript on to
> view the site 

TorStatus sites usually do not require JavaScript.

> Do you reckon a jscript (code injection) vulnerability over Tor, like
> the one you uncovered, could lead to stack based attacks (the system
> slow and re-boot) on WinNT/Win2k/WinXP systems, to insert such a remote
> control trojan as I have just removed?

The vulnerability reported in the original posting (a web application
not doing proper output encoding) has basically nothing to do with Tor
beside the fact that the web application does show Tor nodes information
and the way how an attacker delivers its payload to the website.

So your question boils down to:
Can one get compromised when browsing a website?
Yes, you can.

best regards,
tor-talk mailing list