lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <50877119230.20020803220407@eyeonsecurity.net>
From: obscure at eyeonsecurity.net (Obscure)
Subject: MSN Groups makes cross site scripting easy

Advisory Title: MSN Groups makes cross site scripting easy

Release Date: 28/07/2002

Application: http://groups.msn.com/

Platform: Not applicable.

Version: till 28.Jun.2002 this exploit still works.

Severity: XSS!

Author:
Obscure
[ obscure@...onsecurity.net ]

Vendor Status:
a. I informed secure@...rosoft.com on 27 th May 2002 (2 months ago)
b. 30th May I got confirmation that they opened an "MSRC
investigation".
c. ID for this investigation is "ID is [MSRC 1174dg]"
d. No FIX yet. Plus I got no further feedback from Microsoft. I'm
quite sure the investigation got lost somewhere :-p

I put up email conversation with Microsoft on EoS:
http://eyeonsecurity.net/advisories/msngroups/secure_at_microsoft/


Web:

http://eyeonsecurity.net/advisories/msngroups/


Background.

(extracted from the help on http://groups.msn.com/)

My Groups is a list of links to all the MSN groups that you have
created,joined, or marked as interesting places to visit again. When
you are signed in with your Microsoft .NET Passport, your My Groups
list can be viewed:

o On the MSN People & Chat page.
o On the MSN Groups home page.
o When you click My Groups near the upper-left corner of any MSN
Groups page.

Groups that you join or create are automatically added to your My
Groups list. You can also add groups you like to visit by clicking Add
to Groups I Visit on the What's New page of the group.


Problem

Groups.MSN.com allows any member to upload any file and share them
with others. This means that malicious users can upload files which
can contain Active Content such as JavaScript and VBScript. Some of
these file types include:
o HTML
o SWF
- maybe a lot more file types.


Exploit Examples.

http://groups.msn.com/eyeonsecurity/page.msnw
Before accessing this page you will be asked to authenticate.
I put up 2 examples:
b33p.html
c00kie.swf (check out http://eyeonsecurity.net/papers for more info)

Both of these examples popup an alert with the cookie data.

You may also link to these from Hotmail by sending an e-mail as
demonstrated
on "Demo 3": http://eyeonsecurity.net/advisories/flash-demo/


Fix.

There are different approaches that should be taken. I think the
approach should be the same as with other Cross Site Scripting issues.


Disclaimer.

The information within this document may change without notice. Use of
this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information lays within the user's
responsibility.


Feedback.

Please send suggestions, updates, and comments to:

Eye on Security
mail : obscure@...onsecurity.net
web  : http://www.eyeonsecurity.net


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ