From: Obscure (obscure_at_eyeonsecurity.net)
Date: Sat Aug 03 2002 - 15:04:07 CDT
Advisory Title: MSN Groups makes cross site scripting easy
Release Date: 28/07/2002
Platform: Not applicable.
Version: till 28.Jun.2002 this exploit still works.
[ obscure@eyeonsecurity.net ]
a. I informed secure@microsoft.com on 27th May 2002 (2 months ago)
b. 30th May I got confirmation that they opened an "MSRC
c. ID for this investigation is "ID is [MSRC 1174dg]"
d. No FIX yet. Plus I got no further feedback from Microsoft. I'm
quite sure the investigation got lost somewhere :-p
I put up email conversation with Microsoft on EoS:
(extracted from the help on http://groups.msn.com/)
My Groups is a list of links to all the MSN groups that you have
created, joined, or marked as interesting places to visit again. When
you are signed in with your Microsoft .NET Passport, your My Groups
list can be viewed:
o On the MSN People & Chat page.
o On the MSN Groups home page.
o When you click My Groups near the upper-left corner of any MSN
Groups that you join or create are automatically added to your My
Groups list. You can also add groups you like to visit by clicking Add
to Groups I Visit on the What's New page of the group.
Groups.MSN.com allows any member to upload any file and share them
with others. This means that malicious users can upload files which
these file types include:
- maybe a lot more file types.
Before accessing this page you will be asked to authenticate.
I put up 2 examples:
c00kie.swf (check out http://eyeonsecurity.net/papers for more info)
Both of these examples popup an alert with the cookie data.
You may also link to these from Hotmail by sending an e-mail as
on "Demo 3": http://eyeonsecurity.net/advisories/flash-demo/
There are different approaches that should be taken. I think the
approach should be the same as with other Cross Site Scripting issues.
The information within this document may change without notice. Use of
this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information lays within the user's
Please send suggestions, updates, and comments to:
Eye on Security
mail : obscure@eyeonsecurity.net
web : http://www.eyeonsecurity.net
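
The issue described in the advisory (member-uploaded files served back from the application's own domain, where script or Flash content can read the visitor's cookies) is usually closed on the serving side. The following is an added example, not part of the original advisory and not Microsoft's fix: a header policy that renders only a small allowlist of passive types inline and forces everything else to download. The function names, the extension lists and the magic-byte list are assumptions made for illustration.

```python
import os
import re

# Extensions a browser or plugin may execute in the serving origin.
# Constructed list; .swf is the type demonstrated in the advisory.
ACTIVE_EXTENSIONS = {".swf", ".htm", ".html", ".xhtml", ".svg", ".xml", ".hta"}
# Leading bytes (lowercased) that mark active content whatever the file name says.
ACTIVE_MAGIC = (b"fws", b"cws", b"<!doctype", b"<html", b"<script", b"<?xml", b"<svg")
# Passive types allowed to render inline, each with a fixed Content-Type.
INLINE_TYPES = {
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".gif": "image/gif",
    ".txt": "text/plain; charset=utf-8",
}


def is_active_content(filename, head):
    """True if the name or the first bytes suggest script or plugin content."""
    ext = os.path.splitext(filename.lower())[1]
    sniff = head.lstrip().lower()
    return ext in ACTIVE_EXTENSIONS or sniff.startswith(ACTIVE_MAGIC)


def upload_response_headers(filename, head):
    """Response headers for serving one member-uploaded file.

    head is the first few bytes of the stored file.
    """
    ext = os.path.splitext(filename.lower())[1]
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(filename))
    headers = {
        # Stop the browser from second-guessing the declared type.
        "X-Content-Type-Options": "nosniff",
        # If the file is rendered anyway, it runs without scripts or plugins.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }
    if ext in INLINE_TYPES and not is_active_content(filename, head):
        headers["Content-Type"] = INLINE_TYPES[ext]
        headers["Content-Disposition"] = f'inline; filename="{safe_name}"'
    else:
        # Unknown or active content is never rendered in the site's origin.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
    return headers
```

Serving uploads from a separate host that never receives the site's session cookies complements this policy, since a file that does execute there has nothing to read.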