Bugtraq mailing list archives
ICQ WEB Portal multiple Cross Site Scripting vulnerability
From: "acz [iSecureLabs]" <aurelien.cabezon () iSecureLabs com>
Date: Mon, 20 Sep 1999 12:30:29 +0200
--[ ICQ WEB Portal multiple Cross Site Scripting vulnerability ]--

Problem discovered: 19/09/2001 by
Cabezon Aurélien | aurelien.cabezon () iSecureLabs com | http://www.iSecureLabs.com

--[ Overview ]--

The ICQ portal suffers from multiple Cross Site Scripting vulnerabilities.
http://www.icq.com

--[ Description ]--

ICQ web portal may inadvertently include malicious HTML tags or script in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem when a web server does not adequately ensure that generated pages are properly encoded to prevent unintended execution of scripts, and when input from a form is not validated to prevent malicious HTML from being presented to the user.

This search script http://search.icq.com/dirsearch.adp no longer checks for malicious HTML or JavaScript code.

--[ Example 1 ]--

http://search.icq.com/dirsearch.adp?query=<h1>Hello !</h1><script>alert('hello');</script>est&wh=is&users=1

Screen Shots :
http://www.isecurelabs.com/advisory/icq1.jpg
http://www.isecurelabs.com/advisory/icq2.jpg

--[ Example 2 ]--

http://web.icq.com/foo/<script>alert('hello');</script>

Screen Shots :
http://www.isecurelabs.com/advisory/icq3.jpg
http://www.isecurelabs.com/advisory/icq4.jpg

--[ Fix ]--

ICQ Team has been alerted

--[ Information about CSS ]--

http://httpd.apache.org/info/css-security/apache_specific.html
http://www.cert.org/advisories/CA-2000-02.html

---
Cabezon Aurélien | aurelien.cabezon () iSecureLabs com
http://www.iSecureLabs.com | French Security Portal
http://www.isecurelabs.com/advisory/icq-css.html
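Added example, not part of the original advisory and not ICQ's code: a minimal Python sketch of the missing output encoding the Description refers to, showing a search page and a not-found page that reflect request input, first concatenated as-is and then HTML-encoded at output. The hostnames, function names and page markup are assumptions made for illustration; the sample requests are constructed from the advisory's two examples.

```python
import html
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample requests modelled on the advisory's two examples
# (placeholder hosts, not the real portal).
SAMPLE_QUERY_URL = ("http://search.example/dirsearch.adp"
                    "?query=<h1>Hello !</h1><script>alert('hello');</script>est"
                    "&wh=is&users=1")
SAMPLE_PATH_URL = "http://web.example/foo/<script>alert('hello');</script>"


def extract_query(url):
    """Return the decoded 'query' parameter, or '' when it is absent."""
    return parse_qs(urlsplit(url).query).get("query", [""])[0]


def extract_path(url):
    """Return the decoded request path."""
    return unquote(urlsplit(url).path)


def render_search_unsafe(query):
    # The flaw described above: request input is placed into the
    # generated page without any encoding, so tags in it become markup.
    return "<p>Results for: " + query + "</p>"


def render_search_safe(query):
    # Encode for the HTML context at the point of output. quote=True also
    # encodes " and ', which matters if the value lands in an attribute.
    return "<p>Results for: " + html.escape(query, quote=True) + "</p>"


def render_not_found_safe(path):
    # Same rule for the second example: the path is untrusted input too.
    return "<p>Not found: " + html.escape(path, quote=True) + "</p>"


if __name__ == "__main__":
    q = extract_query(SAMPLE_QUERY_URL)
    print("unsafe:", render_search_unsafe(q))
    print("safe:  ", render_search_safe(q))
    print("safe:  ", render_not_found_safe(extract_path(SAMPLE_PATH_URL)))
```
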