
problem with cross site scripting

Posted: Mon Feb 17, 2014 5:59 pm
by planet222
When accessing my mortgage company login at https://www.mortgagequestions.com, when it asks my secret question I get a warning (NoScript filtered a potential cross site scripting XSS attempt from [https://www.mortgagequestions.com]). Here's the log:

Code:

--
[12:55:56.847] undefined entity:1
[12:55:56.918] TypeError: Components.classes['@mozilla.org/browser/global-history;2'] is undefined @ chrome://pdfdownload/content/pdfDownloadOverlay.js:375
--
[12:56:15.799] www.mortgagequestions.com : server does not support RFC 5746, see CVE-2009-3555
[12:56:16.096] www.c.mortgagequestions.com : server does not support RFC 5746, see CVE-2009-3555
[12:56:18.666] Use of getUserData() or setUserData() is deprecated.  Use WeakMap or element.dataset instead. @ resource://gre/modules/XPIProvider.jsm -> jar:file:///C:/Users/Down%20Time/AppData/Roaming/Mozilla/Firefox/Profiles/8ady8lgs.default/extensions/%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D.xpi!/bootstrap.js -> jar:file:///C:/Users/Down%20Time/AppData/Roaming/Mozilla/Firefox/Profiles/8ady8lgs.default/extensions/%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D.xpi!/lib/requestNotifier.js:64
[12:56:18.827] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:159
[12:56:18.827] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:162
[12:56:18.827] Expected declaration but found '+'.  Skipped to next declaration. @ https://www.mortgagequestions.com/sso/m ... d15882:218
[12:56:18.828] Error in parsing value for 'vertical-align'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:242
[12:56:18.828] Dangling combinator.  Ruleset ignored due to bad selector. @ https://www.mortgagequestions.com/sso/m ... d15882:244
[12:56:18.828] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:253
[12:56:18.828] Error in parsing value for 'width'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:265
[12:56:18.828] Expected color but found 'D5D5D5'.  Error in parsing value for 'border-color'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:273
[12:56:18.828] Expected color but found 'D5D5D5'.  Error in parsing value for 'border-color'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:275
[12:56:18.828] Expected color but found 'D5D5D5'.  Error in parsing value for 'border-color'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:280
[12:56:18.829] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:334
[12:56:18.829] Error in parsing value for 'padding-left'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:350
[12:56:18.829] Error in parsing value for 'width'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:364
[12:56:18.829] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:370
[12:56:18.829] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:371
[12:56:18.829] Error in parsing value for 'vertical-align'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:379
[12:56:18.829] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:382
[12:56:18.829] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:383
[12:56:18.829] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:384
[12:56:18.829] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:385
[12:56:18.829] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:395
[12:56:18.829] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:396
[12:56:18.829] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:398
[12:56:18.829] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:399
[12:56:18.829] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:400
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:401
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:402
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:408
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:409
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:411
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:412
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:413
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:414
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:415
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:421
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:422
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:423
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:424
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:425
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:426
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:427
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:441
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:442
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:443
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:444
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:445
[12:56:18.830] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:446
[12:56:18.830] Error in parsing value for 'font-size'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:455
[12:56:18.830] Expected end of value but found '12'.  Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:456
[12:56:18.831] Expected end of value but found '12'.  Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:457
[12:56:18.831] Error in parsing value for 'font'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:461
[12:56:18.831] Error in parsing value for 'filter'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:468
[12:56:18.831] Unknown property '-moz-opacity'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:468
[12:56:18.831] Error in parsing value for 'width'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:482
[12:56:18.832] Expected end of value but found '20'.  Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:545
[12:56:18.832] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:570
[12:56:18.832] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:572
[12:56:18.832] Error in parsing value for 'width'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:607
[12:56:18.834] Error in parsing value for 'width'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:772
[12:56:18.834] Error in parsing value for 'width'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:773
[12:56:18.834] Expected end of value but found '12'.  Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:784
[12:56:18.834] Expected end of value but found '12'.  Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:785
[12:56:18.834] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:800
[12:56:18.835] Error in parsing value for 'font-size'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/m ... d15882:842
[12:56:18.902] images.mortgagequestions.com : server does not support RFC 5746, see CVE-2009-3555
[12:56:19.191] TypeError: function checkUserName does not always return a value @ https://www.mortgagequestions.com/sso/m ... 15882:1127
[12:56:19.193] The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol. @ https://www.mortgagequestions.com/sso/m ... d$%3d15882
[12:56:19.294] images.mortgagequestions.com : server does not support RFC 5746, see CVE-2009-3555
[12:56:23.869] TypeError: Components.classes['@mozilla.org/browser/global-history;2'] is undefined @ chrome://pdfdownload/content/pdfDownloadOverlay.js:375
--
[12:56:47.843] TypeError: function onclick does not always return a value @ https://www.mortgagequestions.com/sso/m ... %3d15882:1
[12:56:47.844] A form was submitted in the windows-1252 encoding which cannot encode all Unicode characters, so user input may get corrupted. To avoid this problem, the page should be changed so that the form is submitted in the UTF-8 encoding either by changing the encoding of the page itself to UTF-8 or by specifying accept-charset=utf-8 on the form element. @ https://www.mortgagequestions.com/sso/m ... d$%3d15882
[12:56:47.944] www.mortgagequestions.com : server does not support RFC 5746, see CVE-2009-3555
[12:56:48.580] www.c.mortgagequestions.com : server does not support RFC 5746, see CVE-2009-3555
[12:56:49.159] Use of getUserData() or setUserData() is deprecated.  Use WeakMap or element.dataset instead. @ resource://gre/modules/XPIProvider.jsm -> jar:file:///C:/Users/Down%20Time/AppData/Roaming/Mozilla/Firefox/Profiles/8ady8lgs.default/extensions/%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D.xpi!/bootstrap.js -> jar:file:///C:/Users/Down%20Time/AppData/Roaming/Mozilla/Firefox/Profiles/8ady8lgs.default/extensions/%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D.xpi!/lib/requestNotifier.js:64
[12:56:49.292] images.mortgagequestions.com : server does not support RFC 5746, see CVE-2009-3555
[12:56:49.410] Error in parsing value for 'font-family'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:128
[12:56:49.410] Error in parsing value for 'font-family'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:130
[12:56:49.411] Error in parsing value for 'cursor'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:144
[12:56:49.411] Expected color but found '#\34 d44a'.  Error in parsing value for 'color'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:146
[12:56:49.411] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:159
[12:56:49.411] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:162
[12:56:49.411] Expected declaration but found '+'.  Skipped to next declaration. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:218
[12:56:49.411] Error in parsing value for 'vertical-align'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:242
[12:56:49.411] Dangling combinator.  Ruleset ignored due to bad selector. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:244
[12:56:49.411] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:253
[12:56:49.411] Error in parsing value for 'width'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:265
[12:56:49.411] Expected color but found 'D5D5D5'.  Error in parsing value for 'border-color'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:273
[12:56:49.411] Expected color but found 'D5D5D5'.  Error in parsing value for 'border-color'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:275
[12:56:49.411] Expected color but found 'D5D5D5'.  Error in parsing value for 'border-color'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:280
[12:56:49.412] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:334
[12:56:49.412] Error in parsing value for 'padding-left'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:350
[12:56:49.412] Error in parsing value for 'width'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:364
[12:56:49.412] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:370
[12:56:49.412] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:371
[12:56:49.412] Error in parsing value for 'vertical-align'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:379
[12:56:49.412] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:382
[12:56:49.412] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:383
[12:56:49.412] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:384
[12:56:49.412] Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:385
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:395
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:396
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:398
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:399
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:400
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:401
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:402
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:408
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:409
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:411
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:412
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:413
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:414
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:415
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:421
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:422
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:423
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:424
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:425
[12:56:49.412] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:426
[12:56:49.413] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:427
[12:56:49.413] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:441
[12:56:49.413] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:442
[12:56:49.413] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:443
[12:56:49.413] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:444
[12:56:49.413] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:445
[12:56:49.413] Error in parsing value for 'margin'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:446
[12:56:49.413] Error in parsing value for 'font-size'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:455
[12:56:49.413] Expected end of value but found '12'.  Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:456
[12:56:49.413] Expected end of value but found '12'.  Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:457
[12:56:49.413] Error in parsing value for 'font'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:461
[12:56:49.413] Error in parsing value for 'filter'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:468
[12:56:49.413] Unknown property '-moz-opacity'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:468
[12:56:49.413] Error in parsing value for 'width'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:482
[12:56:49.414] Expected end of value but found '20'.  Error in parsing value for 'padding'.  Declaration dropped. @ https://www.mortgagequestions.com/sso/mq2/login.jsp:545

Re: problem with cross site scripting

Posted: Mon Feb 17, 2014 6:30 pm
by barbaz
XSS related messages start with "[NoScript", so these are the relevant messages from your posts
(next time please filter out CSS warnings, and use code tags like I am)

Code:

[12:56:59.320] [NoScript InjectionChecker] JavaScript Injection in ///siteminderagent/SmMakeCookie.ccc?(REMOVED_CONTENT)
(function anonymous() {
(REMOVED_CONTENT) /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[12:56:59.324] [NoScript XSS] Sanitized suspicious request. Original URL [https://www.c.mortgagequestions.com/siteminderagent/SmMakeCookie.ccc?(REMOVED_CONTENT) requested from [https://www.mortgagequestions.com/sso/mq2/login.jsp]. Sanitized URL: [https://www.c.mortgagequestions.com/siteminderagent/SmMakeCookie.ccc?(REMOVED_CONTENT).
[12:56:59.344] [NoScript InjectionChecker] JavaScript Injection in ///siteminderagent/SmMakeCookie.ccc?(REMOVED_CONTENT)
(function anonymous() {
(REMOVED_CONTENT) /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
read the sticky for how to make an XSS exception, if you still need help let us know

(removed parts of URLs at request of OP)

Re: problem with cross site scripting

Posted: Mon Feb 17, 2014 9:25 pm
by planet222
If I make an xss exemption, is it safe to access the site? Is something malicious going on?

Said by Barbaz, "next time please filter out CSS warnings, and use code tags like I am"
How exactly do you do that? This is my first time posting here

Thanks for your help

Re: problem with cross site scripting

Posted: Mon Feb 17, 2014 10:12 pm
by barbaz
planet222 wrote: If I make an xss exemption, is it safe to access the site?
the best answer I can give you there is http://noscript.net/faq#qa1_11
so, up to you, whether you trust the origin not to send malicious requests or the destination to be protected against XSS (but probably not a good idea to make exception for both at once)
planet222 wrote: Is something malicious going on?
most likely it's just bad site design, but again, I can't say for sure...
planet222 wrote: Said by Barbaz, "next time please filter out CSS warnings, and use code tags like I am"
How exactly do you do that?
You have Firefox 24, so just un-click the "CSS" button (with the blue thing) in the browser console.
as for code tags, they work like this

Code:

[code]your code here
[/code]
(example wrapped in code tags to prevent phpBB from parsing it)

Re: problem with cross site scripting

Posted: Tue Feb 18, 2014 12:57 am
by planet222
Thanks for the info Barbaz. IE has a filter for cross site scripting and when I went to the site with IE, I had no log in issues.

Gotta tell ya. My lack of knowledge and overall sense of internet insecurity makes me paranoid as all heck :cry:

Considering all the data breaches going on, etc. Thanks for keeping us safer.

Re: problem with cross site scripting

Posted: Tue Feb 18, 2014 3:13 am
by Thrawn
planet222 wrote: If I make an xss exemption, is it safe to access the site?
Well, that depends on whether the site is actually vulnerable to cross-site scripting attacks, which is something that I can't answer (it would need a proper penetration test).

However, you can make it reasonably safe, if you wish, by adding the following rule to ABE:

Code:

Site .mortgagequestions.com
Accept from SELF++
Anon GET
Deny
This will ensure that no malicious cross-site requests can be sent to the site, but you'll still be able to reach it by following a link, e.g. from a search engine. It is possible that this will break things; keep an eye on the Browser Console.

And if you're really paranoid, then remove the 'Anon GET' line and always access the site via a bookmark.
planet222 wrote: Is something malicious going on?
Almost certainly not; it would just be bad site design.
planet222 wrote: Said by Barbaz, "next time please filter out CSS warnings, and use code tags like I am"
How exactly do you do that? This is my first time posting here
Well, you can click on the 'Code' button at the top, or you can manually type the word 'code' inside square brackets to start a code block, /code inside square brackets to end it. It makes things easier to read, and gives you a scrollbar instead of a wall of text.

I've fixed up your original post.

Re: problem with cross site scripting

Posted: Tue Feb 18, 2014 1:54 pm
by planet222
Thank you barbaz and Thrawn for your help.

Any thoughts on why NoScript would now be flagging that site for the xss vulnerability? This is the first time this had happened in over 2 years of accessing that site. I reverted back to an older version of NoScript three times yesterday, I think they were versions 2.6.8.13, then 2.6.8.12 and finally 2.6.8.10, the final version being that which I most likely accessed the site last in early January. Each version change, I could access the site once before the xss flag popped up blocking me from logging in.

Re: problem with cross site scripting

Posted: Tue Feb 18, 2014 2:36 pm
by barbaz
planet222 wrote: Any thoughts on why NoScript would now be flagging that site for the xss vulnerability? This is the first time this had happened in over 2 years of accessing that site. I reverted back to an older version of NoScript three times yesterday, I think they were versions 2.6.8.13, then 2.6.8.12 and finally 2.6.8.10, the final version being that which I most likely accessed the site last in early January. Each version change, I could access the site once before the xss flag popped up blocking me from logging in.
I can only guess, but here are a few possibilities:
1) The site changed their design.
2) You changed the method you're using to access the site.
3) It's just bad luck, that you're now mostly getting tokens that trigger the XSS filter.

Re: problem with cross site scripting

Posted: Thu Feb 20, 2014 4:18 am
by planet222
I've entered the following 2 regex in the anti-xss protection exceptions box:

(help from barbaz)
^@https://www\.mortgagequestions\.com/.+/login.jsp$

(made this regex from the sticky example)
^@https?://([^/]+\.)?www.mortgagequestions\.com/

Is the syntax accurate? Does it matter if both are there? I believe these are regex for the originator not destination.

I am no longer getting the cross site scripting warning.

So, do you think I'm good to go?

Should and can I add this to ABE as suggested by Thrawn. If I did and the site is vulnerable, would this protect me?
Site www.mortgagequestions.com
Accept from SELF++
Anon GET
Deny

regards, planet222

Re: problem with cross site scripting

Posted: Thu Feb 20, 2014 1:52 pm
by barbaz
planet222 wrote: Is the syntax accurate?
Well, since you're not hitting the filter there anymore, yes.
planet222 wrote: Does it matter if both are there?
More exceptions will generally mean more web pages can bypass the XSS filter. Better to have only one exception - if the first works by itself then go with that, otherwise use only the second.
planet222 wrote: Should and can I add this to ABE as suggested by Thrawn.
It wouldn't hurt; however it looks like that ABE rule was designed assuming you would write an exception for the destination, so it's not strictly necessary here.
planet222 wrote: If I did and the site is vulnerable, would this protect me?
In this case it would protect you against a different sort of threat, nothing to do with having added the XSS exception.
BTW Thrawn's example is actually correct in leaving out the "www" from the Site line.
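As an added illustration (my code, not part of the thread or of NoScript), the script below tries the two origin exceptions planet222 entered against the origin and destination URLs that appear in the thread's logs, and shows why barbaz prefers a single exception. It assumes, as a simplification, that an exception regex is tested against the destination URL as-is and against the origin URL with an "@" prepended, so a regex anchored with `^@` can only ever match the origin; the look-alike host and the tightened regex are constructed for contrast.

```python
import re
from typing import Optional

# The two origin exceptions from the thread, copied verbatim.
EXC_LOGIN_PAGE = r"^@https://www\.mortgagequestions\.com/.+/login.jsp$"
EXC_ANY_PAGE = r"^@https?://([^/]+\.)?www.mortgagequestions\.com/"
# My tightened variant of the second one: the dot after "www" is escaped.
# An unescaped "." matches any character, so "www.mortgagequestions" would
# also accept a look-alike host such as "wwwzmortgagequestions.com".
EXC_ANY_PAGE_STRICT = r"^@https?://([^/]+\.)?www\.mortgagequestions\.com/"

# URLs taken from the logs in the thread (session token replaced by a placeholder).
ORIGIN_LOGIN = "https://www.mortgagequestions.com/sso/mq2/login.jsp"
ORIGIN_SECQUES = "https://www.mortgagequestions.com/siteminderagent/forms/secques.fcc"
DEST_COOKIE = ("https://www.c.mortgagequestions.com/siteminderagent/SmMakeCookie.ccc"
               "?SMSESSION=TOKEN_PLACEHOLDER")
# Constructed look-alike origin, used only to show the effect of the unescaped dot.
ORIGIN_LOOKALIKE = "https://wwwzmortgagequestions.com/sso/mq2/login.jsp"


def exception_matches(exception_regex: str, origin_url: str, dest_url: str) -> Optional[str]:
    """Return which side of the request an exception regex matches, if any.

    Modelling assumption (mine, not taken from the thread or from NoScript's
    source): the regex is tried against the destination URL as-is and against
    the origin URL with an '@' prepended.  A regex anchored with '^@' can
    therefore only match the origin, which is what the thread means by an
    exception "for the originator, not the destination".
    """
    rx = re.compile(exception_regex)
    if rx.search(dest_url):
        return "destination"
    if rx.search("@" + origin_url):
        return "origin"
    return None


# Both exceptions as planet222 first had them entered, at the same time.
CONFIGURED = {
    "login page only": EXC_LOGIN_PAGE,
    "any page on the site": EXC_ANY_PAGE,
}


def covering_exceptions(origin_url: str, dest_url: str, configured=CONFIGURED):
    """Names of the configured exceptions that let this request bypass the XSS filter.

    Each extra name in the result is one more page (or set of pages) whose
    requests skip the filter, which is barbaz's reason for keeping only one.
    """
    return [name for name, rx in configured.items()
            if exception_matches(rx, origin_url, dest_url) is not None]


if __name__ == "__main__":
    for origin in (ORIGIN_LOGIN, ORIGIN_SECQUES, ORIGIN_LOOKALIKE):
        print(origin, "->", covering_exceptions(origin, DEST_COOKIE))
    print("strict regex vs look-alike host:",
          exception_matches(EXC_ANY_PAGE_STRICT, ORIGIN_LOOKALIKE, DEST_COOKIE))
```

The secques.fcc origin from the later ABE log is matched only by the broader regex, which is consistent with one exception working on its own and the other not.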

Re: problem with cross site scripting

Posted: Thu Feb 20, 2014 11:17 pm
by planet222
Thanks again for your help Barbaz and Thrawn.

As you suggested Barbaz, I removed one of the regex lines of code. One didn't work by itself but the other one did.

Then, when I entered the code into ABE (I copied and pasted it just as Thrawn had typed), the site gave me an internal server error message and wouldn't let me onto the site saying I needed to contact their webmaster about the error. I removed the code and all went well again.

Any thoughts about the ABE code. And, what exactly does that code protect me from?

regards, planet222

Re: problem with cross site scripting

Posted: Fri Feb 21, 2014 12:31 am
by barbaz
planet222 wrote: when I entered the code into ABE (I copied and pasted it just as Thrawn had typed), the site gave me an internal server error message and wouldn't let me onto the site saying I needed to contact their webmaster about the error. I removed the code and all went well again.

Any thoughts about the ABE code.
Please retry, and when it fails again, post here the message you get from the Browser Console (Ctrl-Shift-J).
planet222 wrote: And, what exactly does that code protect me from?
I believe it is protecting the site from CSRF, but Giorgio or Thrawn would know more than me.

Re: problem with cross site scripting

Posted: Fri Feb 21, 2014 1:56 am
by planet222
Ok, here is some of the log. There is more but I think this was the important part of the message used earlier in my posts.

Code:

[20:38:20.388] [ABE] <.mortgagequestions.com> Anonymize GET on {GET https://www.c.mortgagequestions.com/sit ... =0&TARGET= (token removed by poster), https://www.mortgagequestions.com/sitem ... ecques.fcc, https://www.mortgagequestions.com/sso/mq2/login.jsp, https://www.c.mortgagequestions.com/sit ... SMSESSION=  (token removed by poster)
USER rule:
Site .mortgagequestions.com
Accept from SELF++
Anonymize GET
Deny


Here's the error I get on the site:

Code:

 Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, mbswebmaster@mortgagefamily.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.

regards, planet222

Re: problem with cross site scripting

Posted: Fri Feb 21, 2014 2:09 am
by barbaz
looks like the issue is SELF++ being quirky with redirects, try this instead

Code:

Site .mortgagequestions.com
Accept from .mortgagequestions.com
Anon GET
Deny
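As an added illustration (my code, not NoScript's implementation), here is a small evaluator for the ABE rules discussed in this thread: barbaz's rule above, Thrawn's SELF++ form, Thrawn's variant without `Anon GET`, and the `Site www.mortgagequestions.com` form that barbaz pointed out misses the other hosts. It assumes a simplified model of ABE: `.domain` matches the domain and all its subdomains, `SELF++` means the same base domain (taken here as the last two labels), Site lines are tried in order, and within a matching Site line the first action whose method and origin constraints hold gives the verdict; the third-party page URL is constructed.

```python
from urllib.parse import urlsplit

# ABE rule text quoted from the thread: Thrawn's original and barbaz's revision.
THRAWN_RULE = "Site .mortgagequestions.com\nAccept from SELF++\nAnon GET\nDeny\n"
BARBAZ_RULE = "Site .mortgagequestions.com\nAccept from .mortgagequestions.com\nAnon GET\nDeny\n"
# The "Site www..." form planet222 drafted, and Thrawn's variant without Anon GET.
WWW_RULE = THRAWN_RULE.replace("Site .mortgagequestions.com", "Site www.mortgagequestions.com")
PARANOID_RULE = THRAWN_RULE.replace("Anon GET\n", "")

# URLs from the thread's logs (token replaced) plus one constructed third-party page.
LOGIN = "https://www.mortgagequestions.com/sso/mq2/login.jsp"
COOKIE = ("https://www.c.mortgagequestions.com/siteminderagent/SmMakeCookie.ccc"
          "?SMSESSION=TOKEN_PLACEHOLDER")
THIRD_PARTY = "https://search.example/results?q=mortgagequestions"  # constructed


def host_of(url):
    return urlsplit(url).hostname or ""


def base_domain(host):
    # Assumption: the registrable domain is the last two labels.  That holds for
    # mortgagequestions.com; a real implementation needs the public suffix list.
    return ".".join(host.split(".")[-2:])


def site_matches(pattern, host):
    """'.example.com' matches example.com and every subdomain; a bare host matches exactly."""
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def origin_matches(pattern, origin_host, dest_host):
    """Resolve the SELF keywords relative to the destination, else match as a site pattern."""
    if pattern == "SELF":
        return origin_host == dest_host
    if pattern == "SELF+":
        return site_matches("." + dest_host, origin_host)
    if pattern == "SELF++":
        return base_domain(origin_host) == base_domain(dest_host)
    return site_matches(pattern, origin_host)


def parse_rules(text):
    """Parse rule text into [(site_pattern, [(action, methods, origin_patterns), ...]), ...]."""
    rules = []
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "Site":
            rules.append((words[1], []))
            continue
        # The Browser Console spells the action out as "Anonymize"; treat both as one.
        action = "Anon" if words[0] == "Anonymize" else words[0]
        rest = words[1:]
        methods, origins = rest, []
        if "from" in rest:
            i = rest.index("from")
            methods, origins = rest[:i], rest[i + 1:]
        rules[-1][1].append((action, methods, origins))
    return rules


def evaluate(rules, origin_url, dest_url, method):
    """Verdict for one request: 'Accept', 'Anon' (request sent without cookies or
    credentials), 'Deny', or None when no Site line covers the destination, in
    which case this rule set says nothing about the request."""
    origin_host, dest_host = host_of(origin_url), host_of(dest_url)
    for site, actions in rules:
        if not site_matches(site, dest_host):
            continue
        for action, methods, origins in actions:
            if methods and method not in methods:
                continue
            if origins and not any(origin_matches(p, origin_host, dest_host) for p in origins):
                continue
            return action
    return None


if __name__ == "__main__":
    for name, text in (("Thrawn", THRAWN_RULE), ("barbaz", BARBAZ_RULE),
                       ("www only", WWW_RULE), ("no Anon GET", PARANOID_RULE)):
        rules = parse_rules(text)
        print(f"{name:12} login->cookie GET: {evaluate(rules, LOGIN, COOKIE, 'GET')}"
              f" | third-party GET: {evaluate(rules, THIRD_PARTY, LOGIN, 'GET')}"
              f" | third-party POST: {evaluate(rules, THIRD_PARTY, LOGIN, 'POST')}")
```

The cross-site POST verdict of `Deny` is the CSRF protection barbaz refers to; the thread's internal server error comes from the site's own redirect chain, which this model does not reproduce.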

Re: problem with cross site scripting

Posted: Fri Feb 21, 2014 2:21 am
by planet222
No good, get the same error on the site as above.
Here's the newest log. There is another url in the log that I think I cut out of the last one accidentally:

Code:

[21:18:18.184] [ABE] <.mortgagequestions.com> Anonymize GET on {GET https://www.c.mortgagequestions.com/siteminderagent/SmMakeCookie.ccc?SMSESSION=(token removed by poster)https://www.keybankmortgage.com/home/70864/landscape?cid=LogIn, https://www.mortgagequestions.com/home/landscape?cid=(token removed by poster) https://www.mortgagequestions.com/siteminderagent/forms/secques.fcc, https://www.mortgagequestions.com/sso/mq2/login.jsp, https://www.c.mortgagequestions.com/siteminderagent/SmMakeCookie.ccc?SMSESSION=(token removed by poster)
USER rule:
Site .mortgagequestions.com
Accept from .mortgagequestions.com
Anonymize GET
Deny
I put this in ABE for the other url but still got the same error.

Code:

Site .mortgagequestions.com
Accept from .mortgagequestions.com
Anon GET
Deny
Site .keybankmortgage.com
Accept from .keybankmortgage.com
Anon GET
Deny
Afraid if I keep making logging attempts I'll end up getting locked out...

regards, planet222