Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in iPlanet Me

from [LegendaryZion] Network Security [Permanent Link]
Subject: [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun"
Date: Tue, 31 Oct 2006 18:33:30 +0200 

·= Security Advisory =·
Issue: Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server 
Messenger Express by "Sun"Discovered Date: 25/09/2006Author: Tal Argoni, 
LegendaryZion. [talargoni at gmail.com]Product Vendor: http://www.sun.com/

Details:
iPlanet Messaging Server Messenger Express by "Sun" is prone to a Cross Site 
Scripting Vulnerability.The vulnerability exists in filter engine, caused by 
the lack of Input Validation/Filteringof malicious Method "Expression()" of 
Cascading Style Sheets (CSS).
About Cascading Style Sheets (CSS):
Cascading Style Sheets (CSS) is a stylesheet language used to describe the 
presentationof a document written in a markup language. Its most common 
application is to style web pages writtenin HTML and 
XHTML.English:http://en.wikipedia.org/wiki/Cascading_Style_Sheets
About Expression() Method:
Receive string that specifies any valid script(JScript, JavaScript, 
VBSCript)statement without quotations or semicolons. This string can include 
references toother properties on the current page. Array references are not 
allowed on objectproperties included in this script.
<ELEMENT STYLE="AttributeName:expression(Script)">
Exploitation Mail:
...------=_NextPart_000_0006_01C6DD9E.26B2BBD0Content-Type: text/html;
<IMG width="0" height="0" style="width: expression(alert('expression'));">...

Successful exploitation may allow execution of script code. This could also be 
exploitedto execute malicious scripts, spoof the entire website's content, 
stealing cookies, stealing session ID,commit Denial Of Service attacks and 
more...
Proof Of Concept:
<IMG style="width: expression(alert('expression'));">
google 
ithttp://www.google.com/search?q=allintitle%3A+%22iPlanet+Messenger+Express%22
Israels ISP using the web mail:Netvision - http://www.netvision.net.il/012 -    
 http://www.012.net/
Around the globe:The City University of New York - 
http://www.jjay.cuny.edu/http://www.idm.net.lb/https://www.utk.edu/


_______________________________________________Full-Disclosure - We believe in 
it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and 
sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun", LegendaryZion <=
Previous by Date:  [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in "ViewImage.asp" by Daronet Internet Solutions, LegendaryZion
Next by Date:  [Full-disclosure] Local Heap OverFlow Vulnerability in "Answering Service" of Icq, LegendaryZion
Previous by Thread:  [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in "ViewImage.asp" by Daronet Internet Solutions, LegendaryZion
Next by Thread:  [Full-disclosure] Local Heap OverFlow Vulnerability in "Answering Service" of Icq, LegendaryZion
Indexes:  [Date] [Thread] [Top] [All Lists]