Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Netquery b

from [LegendaryZion] Network Security [Permanent Link]
Subject: [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech"
Date: Tue, 31 Oct 2006 18:37:09 +0200 

·= Security Advisory =·
Issue: Cross Site Scripting (XSS) Vulnerability in Netquery by 
"VIRtech"Discovered Date: 04/10/2006Author: Tal Argoni, LegendaryZion. 
[talargoni at gmail.com]Product Vendor: http://www.virtech.org
Details:
VIRtechs Netquery system is prone to a Cross Site Scripting Vulnerability.The 
vulnerability exists in "nquser.php" file, caused by the lack of Input 
Validation/Filteringof quotation and HTML characters in the header parameter 
"User-Agent:".
Part of the http header:
GET http://target/netquery/nquser.php HTTP/1.0User-Agent: 
<script>alert('User-Agent:')</script>...

After send the crafted http header, nquser.php prints the following HTML 
code:------------------------------------------------------------------------------------------------------------------...User
 Agent : <script>alert('User-Agent:')</script><br />...


Successful exploitation may allow execution of script code. This could also be 
exploited to spoof the entire website's content,create fake login menu's for 
all the platform's users, commit Denial Of Service attacks and more...
Proof Of Concept:
GET http://virtech.org/e107/e107_plugins/netquery/nquser.php HTTP/1.0Accept: 
*/*Referer: http://virtech.org/tools/Accept-Language: en-usPragma: 
no-cacheUser-Agent: <script>alert()</script>Host: virtech.orgProxy-Connection: 
Keep-AliveCookie: e107_tdOffset=32630; e107_tdSetTime=1159974893; 
e107_tzOffset=420Content-length: 0
Vulnerable systems:e107 EditionPostnuke EditionXaraya EditionXoops Edition
Not vulnerable systems:Standalone EditionFusion Edition

Thanks,Tal Argoni, CEHwww.zion-security.com 
_______________________________________________Full-Disclosure - We believe in 
it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and 
sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech", LegendaryZion <=
Previous by Date:  [Full-disclosure] Local Heap OverFlow Vulnerability in "Answering Service" of Icq, LegendaryZion
Next by Date:  Re: Re: New Flaw in Firefox 2.0: DoS and possible remote code execution, xxxx
Previous by Thread:  [Full-disclosure] Local Heap OverFlow Vulnerability in "Answering Service" of Icq, LegendaryZion
Next by Thread:  PHP-Nuke <= 7.9 Journal module (search.php) "forwhat" SQL Injection vulnerability, paisterist . nst
Indexes:  [Date] [Thread] [Top] [All Lists]