Message-ID: <BAY1-F120P7sdI5Xx2200078adf@hotmail.com>
From: m_u_d_i_t_a at hotmail.com (Nobody Jones)
Subject: Trivial XSS in www.cryptocard.com Search function
Vendor: CRYPTOcard Corp.
Product: Search functionality on www.cryptocard.com
Tested on: Win XP SP1 IE 6.0
Discovery: Author
Risk: Medium severity
Title: Trivial XSS in www.cryptocard.com Search function
..............................................
Background Information
----------------------
CRYPTOCard is a privately owned company. They are developers and marketers
of, and passionate evangelists for, powerful network security technology.
CRYPTOCard are a small company that has, over the years (they were formed in
1989) attracted the interest and the custom of the likes of Fujitsu; Wijs En
Van Oostveen, Amsterdam; Mercy Health, Ohio; The Canadian Space Agency,
Ottawa; State Employees Credit Union, Michigan; Rothschild Bank, Zurich;...
the list goes on.
Description
-----------
The search functionality of the web site http://www.cryptocard.com has not
been properly configured, allowing for potential XSS attacks. These may
allow a remote attacker to execute arbitrary code that may lead to privilege
escalation and remote access to back end systems and architecture.
At present it is possible for a remote attacker to force the server into
revealing error messages that may prove useful, and execute commands using
their browser.
Proof of Concept
----------------
Entering the following string in the search function located on the
corporate web site forces the display of a JavaScript alert box:
<script>alert('XSS vulnerability')</script>
Contact information
-------------------
The author of this advisory can be contacted at m_u_d_i_t_a@...mail.com.
Disclaimer
-----------
The author of this advisory is not responsible for the misuse of the
information contained herein. Any use of the information in this advisory
is at personal risk; the author accepts no liability for any damages that
may occur.
Additional Information
----------------------
The vendor was informed of this issue on 1st June 2004. They have not
responded as yet.
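
Added example, not part of the original advisory and not the vendor's code: the
reflected-XSS pattern described under "Proof of Concept", shown as a search
results renderer that echoes the term unencoded beside a version that encodes
it. All function names, the page template and the header values are
hypothetical; the sample input is the string from the advisory.

```javascript
// Hypothetical search-results renderer: unencoded reflection vs. encoded fix.

// Encode the characters that are significant in HTML text and in quoted
// attribute values. '&' must be replaced first to avoid double encoding.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the search term is concatenated into the page as-is.
function renderResultsUnsafe(query, hits) {
  return `<h1>Results for ${query}</h1>` +
    `<input name="q" value="${query}">` +
    `<p>${hits.length} documents found</p>`;
}

// Hardened pattern: every place the term is reflected is encoded.
function renderResultsSafe(query, hits) {
  const q = escapeHtml(query);
  return `<h1>Results for ${q}</h1>` +
    `<input name="q" value="${q}">` +
    `<p>${hits.length} documents found</p>`;
}

// Defence in depth: headers that stop inline script from running even if
// an encoding gap exists somewhere else on the site.
function securityHeaders() {
  return {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
  };
}

// Regression check: does markup from the input survive verbatim in the output?
function reflectsRawMarkup(html, query) {
  return /[<>"']/.test(query) && html.includes(query);
}

// Sample input: the string from the advisory's Proof of Concept section.
const poc = "<script>alert('XSS vulnerability')</script>";
console.log("unsafe reflects markup:", reflectsRawMarkup(renderResultsUnsafe(poc, []), poc));
console.log("safe reflects markup:  ", reflectsRawMarkup(renderResultsSafe(poc, []), poc));
console.log(renderResultsSafe(poc, []));
```

The reflectsRawMarkup check can be kept as a regression test for every page
that echoes a request parameter.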