NoScript (2.0.5.1 < less): Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) Vulnerability

Users of NoScript 2.0.5.1 and earlier, please be advised that a vulnerability has been identified: a bypass of the "Reflective XSS" protection through a Union SQL Poisoning Trick (SQLXSSI).
To view this vulnerability, possible remedies, and other advisories, see the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

NoScript-SA-11/27/2010: NoScript (2.0.5.1 < less ) – Bypass “Reflective XSS” through Union SQL Poisoning Trick (SQLXSSI)
NoScript fails to detect the reflective XSS from trusted domains when an
attack is conducted through SQLXSSI. The bypass in NoScript has been
successfully conducted by using “Reflective XSS” through Union SQL
poisoning attacks by exploiting the reverted errors in the browser. The
attack string used to bypass is stated below

Read more at http://www.criticalwatch.com
