[Owasp-antisamy] AntiSAMY Defect (Shishir Kumar)

Shishir Kumar shishirroy2000 at gmail.com
Sat Sep 20 02:20:49 EDT 2008


Not sure why it works correctly on the test URL: http://blog.supremedesign.ru/xss
(Have you removed the char "\" before processing?)

Please find attached Java program and policy file from which you can
replicate the OutOfMemoryError (Need to change the policy file path in
program).

Here is the error output (I hope that for testing you are using the same set of jars,
which is at http://code.google.com/p/owaspantisamy/downloads/list):


Input: <script type=\"text/javascript\">document.write(\"Hello World!\");</ script >

Exception in thread "main" java.lang.OutOfMemoryError: Java heap space
        at org.apache.xerces.util.XMLStringBuffer.append(Unknown Source)
        at org.cyberneko.html.HTMLScanner$SpecialScanner.scanCharacters(HTMLScanner.java:3011)
        at org.cyberneko.html.HTMLScanner$SpecialScanner.scan(HTMLScanner.java:2845)
        at org.cyberneko.html.HTMLScanner.scanDocument(HTMLScanner.java:877)
        at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:495)
        at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:448)
        at org.cyberneko.html.parsers.DOMFragmentParser.parse(DOMFragmentParser.java:166)
        at org.owasp.validator.html.scan.AntiSamyDOMScanner.scan(Unknown Source)
        at org.owasp.validator.html.AntiSamy.scan(Unknown Source)
        at ReplicateOutOfMemoryError.main(ReplicateOutOfMemoryError.java:29)

Please let me know if you need more information on this.

Regards,
Shishir Kumar

On Fri, Sep 19, 2008 at 9:42 PM, Carlos Aguayo <carlos.aguayo at gmail.com> wrote:

> I can't reproduce this either.
>
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Fri, 19 Sep 2008 16:59:32 +0530
> > From: "Shishir Kumar" <shishirroy2000 at gmail.com>
> > Subject: [Owasp-antisamy] AntiSAMY Defect
> > To: owasp-antisamy at lists.owasp.org,
> >        arshan.dabirsiaghi at aspectsecurity.com
> > Message-ID:
> >        <49e43b590809190429k34a5dd21u44ca93b82269166a at mail.gmail.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Hi,
> >
> > I found that if the user inputs text at the UI as:
> >
> > <script type=\"text/javascript\">document.write(\"Hello World!\");</script>
> >
> > The scan goes into an infinite loop and throws OutOfMemoryError
> >
> > as.scan(inputData, policy);
> >
> > Note: For the input below it works fine. So the problem is something with \
> >
> > <script type="text/javascript">document.write("Hello World!");</ script >
> >
> > Regards,
> >
> > Shishir Kumar
> > ------------------------------
> >
> > Message: 2
> > Date: Fri, 19 Sep 2008 17:31:49 +0400
> > From: Serge Droganov <sergei at droganov.ru>
> > Subject: Re: [Owasp-antisamy] AntiSAMY Defect
> > To: "Shishir Kumar" <shishirroy2000 at gmail.com>
> > Cc: owasp-antisamy at lists.owasp.org
> > Message-ID: <209C0B6D-479D-4925-8E15-E84A14F645FF at droganov.ru>
> > Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
> >
> > Hi,
> > That's probably not about AntiSamy. I can't get infinite loop.
> > http://blog.supremedesign.ru/xss
> >
> >
> > On Sep 19, 2008, at 3:29 PM, Shishir Kumar wrote:
> >
> >> <script type=\"text/javascript\">document.write(\"Hello World!\");</script>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: securemessaging_policy.xml
Type: text/xml
Size: 2265 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20080920/dbefb22f/attachment.xml 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ReplicateOutOfMemoryError.java
Type: application/octet-stream
Size: 1585 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20080920/dbefb22f/attachment.obj 

