Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in "ViewImage

from [LegendaryZion] Network Security [Permanent Link]
Subject: [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in "ViewImage.asp" by Daronet Internet Solutions
Date: Tue, 31 Oct 2006 18:30:16 +0200 

·= Security Advisory =·
Issue: Cross Site Scripting (XSS) Vulnerability in "ViewImage.asp" by Daronet 
Internet SolutionsDiscovered Date: 29/01/2006Author: Tal Argoni, LegendaryZion. 
[talargoni at gmail.com]Product Vendor: http://www.daronet.co.il
Details:
Daronet Internet Solutions website platform is prone to a Cross Site Scripting 
Vulnerability.The vulnerability exists in "ViewImage.asp" file, caused by the 
lack of Input Validation/Filteringof quotation and HTML characters in the GET 
parameter "Image".The use of "ViewImage.asp" is done by "Funclib.js".
Contents of Funclib.js:---------------------------------...
function fnShowFullImg(sFile) { 
window.open("ViewImage.asp?Image="+sFile,"image","top=50,left=50,width="+(screen.availWidth-100)+",height="+(screen.availHeight-100)+",scrollbars");}...After
 the function is being called, ViewImage.asp prints the following 
HTMLcode:------------------------------------------------------------------------------------------------------------------...<td
 style="border: 2px solid #FFFFFF;"><img src="<Unfiltered Input>"style="border: 
1px solid #000000;"></td>...Exploitation 
URL:http://www.example.com/ViewImage.asp?Image=";>your xss code hereSuccessful 
exploitation may allow execution of script code. This could alsobe exploited to 
spoof the entire website's content,create fake login menu's for all the 
platform's users, commit Denial OfService attacks and more...Proof Of 
Concept:http://www.example.com/ViewImage.asp?Image=";><script>alert()<script>To 
view the full list of vulnerable 
websites:http://www.daronet.co.il/Index.asp?CategoryID=46&SubjectID=&Page=1Even 
http://www.2bsecure.co.i l!....XSS + Phishing + Social =Daronet Internet 
Solutions provide an Administration System,that help customers to manage there 
website by log in to vulnerable XSSpage.The attacker has full access to the 
retrieved web page just as fake loginpage to the administration system,that 
cause customer may unintentionally login to attacker fake login page,and send 
the password of the administration system to the attacker.("hackthe 
website").http://support.daronet.com/usermanual4.0/ViewImage.asp?Image=";>Your 
XSS codeherehttp://support.daronet.com/basic3/ViewImage.asp?Image=";>Your XSS 
code hereThanks,Tal Argoni, CEHwww.zion-security.com
_______________________________________________Full-Disclosure - We believe in 
it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and 
sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in "ViewImage.asp" by Daronet Internet Solutions, LegendaryZion <=
Previous by Date:  [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Web Mail platform by "Mirapoint", LegendaryZion
Next by Date:  [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun", LegendaryZion
Previous by Thread:  [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Web Mail platform by "Mirapoint", LegendaryZion
Next by Thread:  [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun", LegendaryZion
Indexes:  [Date] [Thread] [Top] [All Lists]