Message-ID: <005e01c2e103$26a16ca0$0300a8c0@goliath>
From: gregory.lebras at security-corp.org (Gregory Le Bras | Security Corporation)
Subject: [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor

________________________________________________________________________

Security Corporation Security Advisory [SCSA-008]
________________________________________________________________________

PROGRAM: PY-Livredor
HOMEPAGE: http://www.py-scripts.com
                       http://www.scripts-php.com
VULNERABLE VERSIONS: v1.0
________________________________________________________________________

DESCRIPTION
________________________________________________________________________

PY-Livredor is an easy guestbook script using PHP4 and MySQL, with
an administration area that allows message deletion.


DETAILS
________________________________________________________________________

A Cross-Site Scripting vulnerability has been found in PY-Livredor
which allows attackers to inject script code into the guestbook and have
it run in clients' browsers as if it were provided by the website.

This Cross-Site Scripting vulnerability is found in the page for
posting messages (index.php).

An attacker can input specially crafted links and/or other
malicious scripts.


EXPLOIT
________________________________________________________________________

A vulnerability was discovered in the page for posting messages,
at this address:

http://[target]/livredor/index.php


The vulnerability lies in how the "titre", "Votre pseudo",
"Votre e-mail" and "Votre message" fields are interpreted.

Indeed, inserting hostile script code in these fields allows a
malicious user to run that script in the browsers of the visitors.


The hostile code could be:

[script]alert("Cookie="+document.cookie)[/script]

(opens a window showing the visitor's cookie.)

(replace [] with <>)


SOLUTIONS
________________________________________________________________________

No solution for the moment.


VENDOR STATUS
________________________________________________________________________

The vendor has reportedly been notified.


LINKS
________________________________________________________________________

http://www.security-corp.org/index.php?ink=4-15-1

French version:

http://www.security-corp.org/advisories/SCSA-008-FR.txt


------------------------------------------------------------
Grégory Le Bras aka GaLiaRePt | http://www.Security-Corp.org
------------------------------------------------------------
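
The advisory lists no fix. As an added example (not part of the advisory and not PY-Livredor's own code), the PHP below shows output encoding applied to the four fields named above when an entry is displayed. The array keys, the markup and the function names are assumptions made for illustration.

```php
<?php
// Added example, not PY-Livredor source. The array keys are assumed names
// for the four form fields the advisory lists; the entry is constructed.
$entry = [
    'titre'   => 'Hello',
    'pseudo'  => 'visitor',
    'email'   => 'visitor@example.org',
    'message' => '<script>alert("Cookie="+document.cookie)</script>',
];

// Encode & < > " ' so the browser treats the value as text, both in
// element content and inside quoted attribute values.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed shape of the flaw: stored fields are written into the page as-is,
// so markup typed into any of them becomes part of the document.
function render_unsafe(array $e): string
{
    return "<h3>{$e['titre']}</h3>\n"
         . "<p>by <a href=\"mailto:{$e['email']}\">{$e['pseudo']}</a></p>\n"
         . "<div>{$e['message']}</div>\n";
}

// Hardened form: every field is encoded at output time, and the e-mail is
// only turned into a link when it validates as an address.
function render_safe(array $e): string
{
    $author = esc($e['pseudo']);
    $email  = filter_var($e['email'], FILTER_VALIDATE_EMAIL);
    if ($email !== false) {
        $author = '<a href="mailto:' . esc($email) . '">' . $author . '</a>';
    }
    return '<h3>' . esc($e['titre']) . "</h3>\n"
         . '<p>by ' . $author . "</p>\n"
         . '<div>' . nl2br(esc($e['message'])) . "</div>\n";
}

// Print both renderings so the difference is visible in the page source.
echo render_unsafe($entry);
echo render_safe($entry);
```

Encoding at display time also covers entries that were stored before the change, which filtering on submission alone would not.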



