Forum OpenACS Q&A: Response to Bugtraq: cross site scripting

Posted by defunct defunct on
Related Security Issues

Folks, on a related note, when the ArsDigita guys came over to our offices about 18 months ago, we discussed a particularly nasty denial-of-service vulnerability with them. They were in the process of providing a solution, but I've since lost track of whether it was ever addressed.

Basically, I seem to remember it being related to the use of system wide unique ids i.e. acs_object_id_seq.

There are many circumstances whereby one page creates a new id, which is passed somewhere else and then eventually recorded in the DB. As I understand it, it was possible to return the contents of a page and alter such id values randomly.
It's of course difficult to do specific damage, but after a while the database becomes full of IDs which have yet to be extracted from the sequence, causing problems down the line.

A colleague of mine at the time created an AOLServer instance which acted as the client side, supplying and receiving requests from the service and returning spurious values back.

Does this problem still exist, or is there a fix/approach I should be aware of?
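As an added illustration (not from the original post, and not OpenACS or ArsDigita code), this Python simulation shows the failure mode described above and one defensive check: an id that a client altered before it was recorded collides with the sequence once the sequence catches up, whereas binding each issued id to a server-side keyed MAC lets the server reject any id it never handed out. The table name, the in-memory SQLite database and the secret are constructed assumptions.

```python
import hashlib
import hmac
import itertools
import sqlite3
from typing import Optional

# Assumption: a server-side key that is never sent to the browser.
SECRET = b"constructed-server-secret-do-not-reuse"


class IdIssuer:
    """Stands in for a sequence like acs_object_id_seq: strictly increasing ids."""

    def __init__(self) -> None:
        self._seq = itertools.count(1)

    def next_id(self) -> int:
        return next(self._seq)


def issue_token(object_id: int) -> str:
    """Return 'id:mac' so the id can round-trip through a form without being alterable."""
    mac = hmac.new(SECRET, str(object_id).encode(), hashlib.sha256).hexdigest()
    return f"{object_id}:{mac}"


def verify_token(token: str) -> Optional[int]:
    """Return the id if the MAC matches what the server issued, else None (tampered/forged)."""
    try:
        id_str, mac = token.split(":", 1)
    except ValueError:
        return None
    expected = hmac.new(SECRET, id_str.encode(), hashlib.sha256).hexdigest()
    return int(id_str) if hmac.compare_digest(mac, expected) else None


def simulate_unvalidated(tampered_id: int, later_inserts: int) -> Optional[int]:
    """Record a client-altered id without checking it, then keep inserting from the
    sequence. Returns the sequence value at which the primary-key collision occurs,
    or None if the sequence did not reach the tampered id within later_inserts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE acs_objects (object_id INTEGER PRIMARY KEY)")  # constructed
    db.execute("INSERT INTO acs_objects VALUES (?)", (tampered_id,))
    issuer = IdIssuer()
    for _ in range(later_inserts):
        oid = issuer.next_id()
        try:
            db.execute("INSERT INTO acs_objects VALUES (?)", (oid,))
        except sqlite3.IntegrityError:
            return oid  # the altered id now blocks a legitimately issued one
    return None
```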