OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Grégory (gregory.lebras_at_security-corp.org)
Date: Sun Mar 02 2003 - 15:22:04 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ('binary' encoding is not supported, stored as-is) ________________________________________________________________________

    Security Corporation Security Advisory [SCSA-008]
    ________________________________________________________________________

    PROGRAM: PY-Livredor
    HOMEPAGE: http://www.py-scripts.com
                           http://www.scripts-php.com
    VULNERABLE VERSIONS: v1.0
    ________________________________________________________________________

    DESCRIPTION
    ________________________________________________________________________

    PY-Livredor is an easy guestbook script using Php4 and MySql with
    an administration which allow messages deletion.

    DETAILS
    ________________________________________________________________________

    A Cross-Site Scripting vulnerability have been found in PY-Livredor
    which allow attackers to inject script codes into the guestbook and use
    them on clients browser as if they were provided by the website.

    This Cross-Site Scripting vulnerability are found in the page for
    posting messages (index.php)

    An attacker can input specially crafted links and/or other
    malicious scripts.

    EXPLOIT
    ________________________________________________________________________

    A vulnerability was discovered in the page for posting messages,
    at this adress :

    http://[target]/livredor/index.php

    The vulnerability is at the level of the interpretation of the "titre",
    "Votre pseudo", "Votre e-mail", "Votre message" fields.

    Indeed, the insertion of a hostile code script in this field makes it
    possible to a malicious user to carry out this script on the navigator
    of the visitors.

    The hostile code could be :

    [script]alert("Cookie="+document.cookie)[/script]

    (open a window with the cookie of the visitor.)

    (replace [] by <>)

    SOLUTIONS
    ________________________________________________________________________

    No solution for the moment.

    VENDOR STATUS
    ________________________________________________________________________

    The vendor has reportedly been notified.

    LINKS
    ________________________________________________________________________

    http://www.security-corp.org/index.php?ink=4-15-1

    Version Française :

    http://www.security-corp.org/advisories/SCSA-008-FR.txt

    ------------------------------------------------------------
    Grégory Le Bras aka GaLiaRePt | http://www.Security-Corp.org
    ------------------------------------------------------------