Message-ID: <BAY19-DAV58EF8503D86D356BDECABD9880@phx.gbl>
Date: Fri Jun  9 20:55:44 2006
From: se_cur_ity at hotmail.com (Morning Wood)
Subject: ASPListPics

 - EXPL-A-2006-003 exploitlabs.com Retro Advisory 001 -

                              - ASPListpics -




RETRO-RELEASE DATE:
===================
Nov 11, 2004

Duplicate Release: June 06, 2006
by: r0t
http://pridels.blogspot.com/2006/06/asp-listpics-43-xss-vuln.html
http://secunia.com/advisories/20517/


OVERVIEW
========
ASPListpics is a highly configurable ASP application that automatically
generates fast thumbnail web indexes of images in a folder structure.



AFFECTED PRODUCTS
=================
ASPListpics 4.x
http://www.iisworks.com



DETAILS
=======
1. XSS ( persistent )



PROOF OF CONCEPT LINKS AND RETRO-POC
=====================================
1. XSS ( Cross Site Scripting )

There is persistent XSS inclusion in the "comments"
feature of ASPListpics in the following:

field "name"
field "comment"

By embedding various types of XSS into the comment
section, we are able to render javascript in the
user's browser.

Below is a simple PoC ( Proof of Concept ).

Enter a malicious script into the "comments" section:
comment: ohno<iframe src="http://whatismyip.com"></iframe>ouch

It is stored and rendered as:
HTTP://[VULNERABLEHOST]/listpics/listpics.asp?a=rate&ID=[PICID]&Info=<SCRIPTING HERE>9000|0
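As an added illustration (not ASPListpics code, which is classic ASP), the snippet below shows the defect described above and its fix: the stored "name" and "comment" fields are rendered raw, so the PoC comment becomes live markup; HTML-entity encoding at output time renders it inert. The record shape and the audit helper that flags already-stored markup are assumptions made for the example.

```javascript
// Added example, not part of the advisory or of ASPListpics.
// Entity map for the five characters that matter in HTML text and attribute context.
const ENTITY = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output-encode a stored value before it is placed into an HTML page.
function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (c) => ENTITY[c]);
}

// Vulnerable rendering: stored fields are concatenated into the page unchanged,
// which is the behaviour the advisory describes.
function renderCommentUnsafe(rec) {
  return `<b>${rec.name}</b>: ${rec.comment}`;
}

// Hardened rendering: every user-supplied field is encoded at the point of output.
function renderCommentSafe(rec) {
  return `<b>${htmlEncode(rec.name)}</b>: ${htmlEncode(rec.comment)}`;
}

// Audit helper (assumed, not an ASPListpics feature): list the ids of stored
// records that already contain markup characters, i.e. entries that would
// execute on any page that still renders them raw. Useful after patching.
function findMarkupInComments(records) {
  return records
    .filter((r) => /[<>"']/.test(String(r.name) + String(r.comment)))
    .map((r) => r.id);
}

// Constructed sample records; the second carries the advisory's PoC comment.
const SAMPLE = [
  { id: 1, name: 'alice', comment: 'nice photo' },
  { id: 2, name: 'r0t', comment: 'ohno<iframe src="http://whatismyip.com"></iframe>ouch' },
];

console.log('unsafe :', renderCommentUnsafe(SAMPLE[1]));
console.log('safe   :', renderCommentSafe(SAMPLE[1]));
console.log('records with markup:', findMarkupInComments(SAMPLE));
```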



CREDITS
=======
r0t - http://pridels.blogspot.com/2006/06/asp-listpics-43-xss-vuln.html



RETRO-CREDITS
=============
This vulnerability was discovered and researched by
Donnie Werner of exploitlabs. At the original time
of discovery and retro-release date, the author was
not aware of any other advisories or patches available.

Retro-Advisories are released when the same research is
released by a 3rd party, when old private research is no longer
active, or when the product has been patched by vendor updates
before a formal Exploitlabs advisory was released to the public.


Donnie Werner
wood@...loitlabs.com
morning_wood@...e-h.org

-- 
web: http://exploitlabs.com
