InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Problem logging into a site

https://forums.informaction.com/viewtopic.php?t=6589

Page 1 of 1

Problem logging into a site

Posted: Sun Jun 05, 2011 8:59 am
by johnpd
It appears that ever since I upgraded to NoScript 2.1.1, I am unable to login into the Verizon Community Forum. I receive these messages:

[NoScript XSS] Sanitized suspicious upload to [https://signin.verizon.com/sso/authsso/forumLogin.jsp <with more data following>
[NoScript XSS] Sanitized suspicious request referer. URL [https://signin.verizon.com/sso/authsso/forumLogin.jsp (REF: http://www22.verizon.com/content/sso/signin.aspx <with more data following>
signin.verizon.com : server does not support RFC 5746, see CVE-2009-3555


I noticed someone with a similar login problem on a Wells Fargo site. The latest development build refers to a fix for that site. Is there a more general fix?



Thanks,

JohnD

Re: Problem logging into a site

Posted: Sun Jun 05, 2011 11:34 am
by therube
URL: http://www22.verizon.com/content/sso/signin.aspx
(bogus data works fine)

Code: Select all

[NoScript XSS] Sanitized suspicious upload to [https://signin.verizon.com/sso/authsso/communityLogin.jsp###DATA###%2FwEPDwUKMTA4MjQzODA5Nw9kFgICAQ9kFiQCBA8WAh4EVGV4dGVkAgkPDxYCHwBlFgIeBXN0eWxlBQ1kaXNwbGF5Om5vbmU7ZAIKDw9kFgIeCm9ua2V5cHJlc3MFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCCw8PZBYCHwIFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCDA8PZBYCHwIFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCDQ8PZBYCHwIFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCDg8PZBYCHwIFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCDw8PZBYCHwIFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCEA8PZBYCHwIFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCEQ8PZBYCHwIFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCFA9kFgICAQ8PZBYCHwIFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCFQ8PZBYCHwIFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCFw8PZBYCHwIFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCGA8PZBYCHwIFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCGQ8PZBYCHwIFIWRvQ2xpY2soJ3RlbF9idG5fcmVnaXN0ZXInLGV2ZW50KWQCGg8PZBYCHgdvbmNsaWNrBSRqYXZhc2NyaXB0OnJldHVybiB0ZWx2YWxpZGF0ZWZvcm0oKTtkAhwPDxYCHwBlFgIfAQUNZGlzcGxheTpub25lO2QCJw8PZBYCHwMFIWphdmFzY3JpcHQ6cmV0dXJuIHZhbGlkYXRlZm9ybSgpO2QYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgIFB2Noa0JveDMFFHRlbF9jaGtfYWNjZXB0X3Rlcm1zikzKXugzjFdrNqovBG2dFVgaEGk%3D] from [http://www22.verizon.com/content/sso/signin.aspx]: transformed into a download-only GET request.
Note that the XSS warning bar only appears for an instant, as the page refreshes.

Re: Problem logging into a site

Posted: Mon Jun 06, 2011 7:29 am
by johnpd
That is correct that a message momentarily appears at the top of the screen and then the page refreshes to its original state without logging me in.

JohnD

Re: Problem logging into a site

Posted: Sat Jun 11, 2011 4:32 am
by johnpd
The latest development build (2.1.1.2rc2) has fixed my issue. Thanks to Giorgio.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited