Date: Fri Nov  4 01:04:11 2005
From: h4xorcrew at gmail.com (tHe cReW)
Subject: H4-CREW-000003 Advisory: Superclick XSS via popup.php

H4-CREW-000003 Advisory: Superclick XSS via popup.php
Software: Superclick servers on the internet
Discovered by: h4 Crew
Severity: moderate
Investigations by the H4-Crew


Impacts.

[1] cookie theft
[2] hijacking XSS proxy (xssproxy.sourceforge.net)


Discussion
=========
H4-CREW-000003 Superclick Cross-Site Scripting

Superclick offers high-speed internet connectivity to the
hospitality industry, providing internet access to an estimated 160
hotels with more than 20,000 rooms. Superclick offers the SIMS
(Superclick Internet Management Server) for internet access, but also
operates a number of public access proxy servers which integrate into
browser toolbar functions when guest sign-on occurs. The popup.php
script that runs on public Superclick servers is vulnerable to
cross-site scripting.

[1] XSS
------------

The PHP script popup.php is vulnerable to cross-site scripting in
the "url" parameter.

/superclick/popup.php?toolbar=1& popup=0&url=<script>alert("PWND")</script>

These servers do not filter access by IP address, so any user who
follows a link to the server will be redirected by the Superclick
scripts. This makes the cross-site scripting more serious, because
the reflected kind can affect any user if any link points to a
vulnerable Superclick gateway. The cross-site scripting could
therefore affect users who are not using the Superclick site for
internet access, but who follow a link in a forum or email.

[2] Privacy concerns
-------------------------------
The Superclick public gateways appear to cache some user web browsing
habits, as evidenced by the Google search which reveals pages which
Superclick has redirected users to. The extent to which user data is
cached is not known.

inurl:/superclick/popup.php

Solution
-----------
None at this time.
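
With no fix listed, one defensive step is to review gateway access logs for popup.php requests whose "url" value is not a plain http(s) URL. The following is an added example, not part of the original advisory and not Superclick code; it assumes combined-format access logs, and the log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Nov/2005:01:10:00 +0000] "GET /superclick/popup.php?toolbar=1&popup=0&url=http%3A%2F%2Fexample.com%2F HTTP/1.1" 200 512',
    '192.0.2.11 - - [04/Nov/2005:01:11:00 +0000] "GET /superclick/popup.php?toolbar=1&popup=0&url=%3Cscript%3Ealert(%22PWND%22)%3C/script%3E HTTP/1.1" 200 498',
    '192.0.2.12 - - [04/Nov/2005:01:12:00 +0000] "GET /superclick/popup.php?url=javascript:void(0) HTTP/1.1" 200 401',
    '192.0.2.13 - - [04/Nov/2005:01:13:00 +0000] "GET /index.html?url=%3Cb%3E HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_CHARS = set('<>"\'')

def url_param_is_safe(value):
    """True only for an absolute http(s) URL with no HTML metacharacters."""
    if MARKUP_CHARS & set(value):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def suspicious_requests(lines):
    """Return (client_ip, decoded url value) for popup.php hits with an unsafe url."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        try:
            target = urlsplit(m.group(1))
        except ValueError:
            continue
        if not target.path.endswith("/superclick/popup.php"):
            continue
        # parse_qs percent-decodes, so encoded markup is caught as well
        for value in parse_qs(target.query, keep_blank_values=True).get("url", []):
            if not url_param_is_safe(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(ip, repr(value))
```

The same allow-list test (absolute http or https URL, no HTML metacharacters) is what a server-side filter on the "url" parameter would enforce before the value is written into a page.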
