OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: tsrit-checkpoint.net
Date: Thu Mar 14 2002 - 08:15:29 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - -------------------------------------------------------------
    itcp advisory 4 advisoriesit-checkpoint.net
    http://www.it-checkpoint.net/advisory/4.html
    March 14th, 2002
    - -------------------------------------------------------------

    translation.lycos.com and infoplease.lycos.com allow Cross Site
    Scripting
    - --------------------------

    Affected program: -
    Vendor: Lycos.com
    Vulnerability-Class: Cross Site Scripting (CSS)
    OS specific: No
    Problem-Type: remote

    SUMMARY

    Cross Site Scripting in the translation and infoplease services of
    lycos.com possible

    DETAILS

    The translation and infoplease services of lycos.com are not checking
    for any hostile input so it is able to steal cookies.

    Bug analysis: Missing filters for Characters like "<" or ">"

    Impact: Stealing of cookies possible

    Exploit:

    The only thing you have to do is entering some HTML-Code in the
    textbox or
    just click on the following links:

    translation.lycos.com:
    http://translation.lycos.com/?urltext=>alert(document.cookie)</
    script
    >&lp=en_de&partner=demo-Lycos2-en

    - --------------

    infoplease.lycos.com:
    http://www.infoplease.lycos.com/search.php3?in=dictionary&query=
    e><scr
    ipt>alert(document.cookie)</script>

    Solution: Implement a filter which filters dangerous characters,
    especially "<" and ">"

    ADDITIONAL INFORMATION
    Vendor has been contacted.

    - - -------------------------------------------------------
    tSR <tsrit-checkpoint.net    >
    Member of:
    http://www.IT-Checkpoint.net

    We work for your security

    - - -----------------------
    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty
    of any kind.
    In no event shall we be liable for any damages whatsoever including
    direct, indirect, incidental, consequential, loss of business profits
    or
    special damages.

    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

    iQA/AwUBPJCweCoElucNbCmCEQJ4owCg1uP6UotWtqeEWAgKPvP/wFbhkzcAoIF6
    pRXZwkWImhsIXW2Cq/eQF9AF
    =MetP
    -----END PGP SIGNATURE-----