[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20041220130945.GA25905@server.gwsh.gda.pl>
From: lazy at server.gwsh.gda.pl (lazy@...ver.gwsh.gda.pl)
Subject: Re: Gadu-Gadu, another two bugs
On Fri, Dec 17, 2004 at 11:23:38AM +0100, Jaroslaw Sajko wrote:
> Product: Gadu-Gadu, build 155 and older
> Vendor: SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
> Impact: Script execution in local zone,
> Remote DoS
> Severity: High
> Authors: Blazej Miga <bla@....poznan.pl>,
> Jaroslaw Sajko <sloik@....poznan.pl>
> Date: 17/12/04
...
> [DETAILS]
>
> Bug 1.
> Parsing error. We can send a malicious string which has an url inside.
> This url can be a javascript code for example or reference to such a code.
> Code will execute when the window with message pops up. Code will execute
> in LOCAL ZONE! Works also with older versions.
>
> Example:
>
> Send such a string to any receipent:
> www.po"style=background-image:url(javascript:document.write('%3cscript%3ealert%28%22you%20are%20owned!%22%29%3c%2fscript%3e'));".pl
>
tlen.pl - another polish IM was also vulunerable to Bug1
they fixed it in 5.23.4.2 and (as I was told) they now block it on the servers, but you can check it
locally on your own client
__
Regards,
Michal Grzedzicki
Powered by blists - more mailing lists