About Freshmeat.net

Freshmeat is a community driven website which serves as an index of free software projects.

Each of the listed projects contains links to a website, download location and other relevent information.

The site is updated several times a day to include recent releases.

The Vulnerability

Each project page contains a collection of links and information about it, as well as the ability for visitors to leave comments.

Two forms of comments are allowed plain text, or HTML text.

The attributes of the HTML are inadequately sanitized, allowing a malicious commentor to create links which would execute arbitary javascript.

The following is an example of such a malicious link:

    <a href="http://foo.com/" onMouseOver="alert(1);">Foo.com</a>
    

Impact

The site uses a session ID stored in a cookie to keep track of a users state. If a user is logged in and clicks upon a link, (or moves over it depending on the code), then they could be redirected to a different site which could steal their login credentials.

Fixing This Problem

The site admins were informed of the details of the attack and had the problem patched 9 hours later.

InformedThu, 25 Mar 2004 04:39:06 -0800 (PST)
FixedThu, 25 Mar 2004 13:10:10 -0800 (PST)