[tor-talk] Persistent XSS vulnerability in TorStatus

tagnaq tagnaq at gmail.com
Mon Apr 25 19:51:03 UTC 2011


On 04/25/2011 06:42 PM, TheGravitator wrote:
>> The vulnerability reported in the original posting (a web application
>> not doing proper output encoding) has basically nothing to do with Tor
>> beside the fact that the web application does show Tor nodes information
>> and the way how an attacker delivers its payload to the website.
>>
> Other than it allowed Tor exits to inject code "This leads
> to a persistent cross-site scripting vulnerability where every Tor node
> operator can insert HTML/JavaScript on all vulnerable TorStatus
> mirrors."

Now I see what you mean. I think you are confusing the vulnerability in
TorStatus with the fact that Tor Exit Nodes might modify the traffic
that passes through them.
This has nothing to do with the vulnerability in TorStatus and is a totally
different issue.
Mike's Tor Exit scanner runs a lot of tests and I think it is likely
that an exit node messing with the traffic (injecting code) is detected.
After detection the exit node messing with the traffic will likely get
the badexit flag.


