[tor-talk] Persistent XSS vulnerability in TorStatus
tagnaq at gmail.com
Mon Apr 25 10:59:31 UTC 2011
> Thanks for this.. you might be interested to know that coincidentally I
> had a nasty experience with one of these sites (don't know which now)
> running this code some 4-6 months ago.
A search (grep) in the server descriptor archive starting with
2009-01-01 didn't show anything obviously nasty in the contact field -
so if a TorStatus site contained something nasty in that time period it
probably wasn't this vulnerability.
...but TorStatus is not properly HTML-encoding everywhere it should.
> I had to switch jscript on to
> view the site
> Do you reckon a jscript (code injection) vulnerability over Tor, like
> the one you uncovered, could lead to stack based attacks (the system
> slow and re-boot) on WinNT/Win2k/WinXP systems, to insert such a remote
> control trojan as I have just removed?
The vulnerability reported in the original posting (a web application
not doing proper output encoding) has basically nothing to do with Tor
besides the fact that the web application shows Tor node information
and the way an attacker delivers its payload to the website.
So your question boils down to:
Can one get compromised when browsing a website?
Yes, you can.
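The two points of the message above, the grep over the descriptor archive for nasty contact fields and the missing output encoding in TorStatus, as an added worked example. This is not TorStatus code and not the poster's script; the server-descriptor text is a constructed, simplified sample (only the "router" and "contact" lines matter here), and the triage regex is an assumption about what "obviously nasty" means, not a reproduction of the original search.

```python
import html
import re

# Constructed sample of server-descriptor text (relay names and addresses
# are made up). The "contact" line is operator-supplied free text, which is
# exactly what a status page ends up rendering.
SAMPLE_DESCRIPTORS = """\
router relay1 192.0.2.10 9001 0 9030
contact Example Operator <op at example dot org>
published 2011-04-25 10:00:00

router relay2 192.0.2.11 9001 0 9030
contact <script>alert(document.cookie)</script>
published 2011-04-25 10:01:00

router relay3 192.0.2.12 9001 0 9030
contact plain text only
published 2011-04-25 10:02:00
"""


def contact_fields(descriptors):
    """Yield (router nickname, contact text) pairs from descriptor text."""
    nickname = None
    for line in descriptors.splitlines():
        if line.startswith("router "):
            nickname = line.split()[1]
        elif line.startswith("contact "):
            yield nickname, line[len("contact "):]


# Assumed triage pattern for "obviously nasty" contact values: a tag that
# can execute or load script, an inline event handler, or a javascript: URL.
# A bare "<" is deliberately NOT flagged, because angle brackets around an
# e-mail address are common and harmless in contact lines.
SUSPICIOUS = re.compile(
    r"<\s*(script|img|iframe|svg|object|embed|style|a)\b"
    r"|on\w+\s*="
    r"|javascript:",
    re.IGNORECASE,
)


def suspicious_contacts(descriptors):
    """Return the (nickname, contact) pairs a grep-style triage would flag."""
    return [(nick, c) for nick, c in contact_fields(descriptors)
            if SUSPICIOUS.search(c)]


def render_contact_vulnerable(contact):
    """The bug class from the thread: operator text is concatenated straight
    into the HTML, so any markup in the contact field becomes live markup."""
    return "<td>" + contact + "</td>"


def render_contact_safe(contact):
    """The fix: HTML-encode on output. Markup in the contact field is shown
    as literal text; the triage regex above is not needed for safety."""
    return "<td>" + html.escape(contact, quote=True) + "</td>"


if __name__ == "__main__":
    for nick, contact in suspicious_contacts(SAMPLE_DESCRIPTORS):
        print("flagged:", nick, repr(contact))
    for nick, contact in contact_fields(SAMPLE_DESCRIPTORS):
        print(nick, "vulnerable:", render_contact_vulnerable(contact))
        print(nick, "safe:      ", render_contact_safe(contact))
```

Note the division of labour: the triage regex only tells you whether something "obviously nasty" sits in the archive (it is easy to evade and has no bearing on safety), whereas the encoding in render_contact_safe is what actually closes the hole, and it has to be applied at every place the value reaches HTML, which is the "everywhere it should" the message refers to.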