Subject: [VulnWatch] Syhunt: MyCyberTwin Multiple Cross-Site Scripting Vulnerabilities
Date: Tue, 24 Apr 2007 13:57:30 -0300
Syhunt: MyCyberTwin Multiple Cross-Site Scripting Vulnerabilities

Advisory-ID: 200703041
Discovery Date: 4.3.2007
Release Date:  4.24.2007
Affected Applications: MyCyberTwin service
Class: Cross-Site Scripting (Cookie-Theft), HTML Injection
Status: Unpatched/Vendor informed
Vendor: MyCyberTwin
Vendor URL: http://www.mycybertwin.com/

----------------------------------------------------------------

Overview:
MyCyberTwin is a website that allows users to develop virtual
personalities/bots called "cybertwins". The MyCyberTwin website
states that 6483 bots have already been created, and that the
service is still in alpha.

Description:
The MyCyberTwin service is vulnerable to cross-site scripting
(XSS) and HTML injection. Input passed directly to the "message"
parameter is not properly sanitised before being returned to the
user. It is also possible to inject code in the bot profile.
Since profile info is also displayed in user galleries and on
the main web page, this vulnerability can make a large number of
users an easy target.

The vulnerability can be exploited to execute arbitrary HTML
code and script code in the user's browser session. It is even
possible to create a fake index/login page on the main page of
the web site at: http://mycybertwin.com

----------------------------------------------------------------

Details:
1) Message param XSS

http://mycybertwin.com/message.jsp?nextpage=/index.jsp&message=
<script>alert(document.cookie);</script>

2) Profile XSS

It is possible to inject HTML/script code in the "Display name"
field or the "City" field in the myhome.jsp page
(http://mycybertwin.com/myhome.jsp).

The injected code will be displayed at:
http://mycybertwin.com/chat/[botname]
and
http://mycybertwin.com/viewmycybertwins.jsp
and in the main web site page at:
http://mycybertwin.com

3) Conversation page XSS

When you start a conversation with a bot, you are asked for your
name and the bot creator is informed of it. If you provide HTML
code as a name, it will be displayed in the conversations page
(at: http://mycybertwin.com/myconversations.jsp)

----------------------------------------------------------------

Vulnerability Status:
MyCyberTwin was notified, but no reply has been received and
apparently no measures were taken.

----------------------------------------------------------------

Disclaimer:
The information in this advisory is provided "as is" without
warranty of any kind. Details provided are strictly for
educational and defensive purposes.

Syhunt is not liable for any damages caused by direct or
indirect use of the information provided by this advisory.

---
Credit:
Alec Storm, Syhunt Security Research Team, www.syhunt.com
