BugTraq
[SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor Mar 02 2003 09:22PM
Grégory Le Bras (gregory lebras security-corp org)


________________________________________________________________________

Security Corporation Security Advisory [SCSA-008]

________________________________________________________________________

PROGRAM: PY-Livredor

HOMEPAGE: http://www.py-scripts.com

http://www.scripts-php.com

VULNERABLE VERSIONS: v1.0

________________________________________________________________________

DESCRIPTION

________________________________________________________________________

PY-Livredor is an easy guestbook script using PHP4 and MySQL, with an
administration interface that allows message deletion.

DETAILS

________________________________________________________________________

A Cross-Site Scripting vulnerability has been found in PY-Livredor
which allows attackers to inject script code into the guestbook and have
it run in clients' browsers as if it were provided by the website.

This Cross-Site Scripting vulnerability is found in the page for
posting messages (index.php).

An attacker can input specially crafted links and/or other
malicious scripts.

EXPLOIT

________________________________________________________________________

A vulnerability was discovered in the page for posting messages,
at this address:

http://[target]/livredor/index.php

The vulnerability lies in the interpretation of the "titre",
"Votre pseudo", "Votre e-mail", "Votre message" fields.

Indeed, inserting hostile script code into these fields allows a
malicious user to run that script in the browsers of visitors.

The hostile code could be:

[script]alert("Cookie="+document.cookie)[/script]

(opens a window showing the visitor's cookie.)

(replace [] by <>)

SOLUTIONS

________________________________________________________________________

No solution for the moment.

VENDOR STATUS

________________________________________________________________________

The vendor has reportedly been notified.

LINKS

________________________________________________________________________

http://www.security-corp.org/index.php?ink=4-15-1

French version:

http://www.security-corp.org/advisories/SCSA-008-FR.txt

------------------------------------------------------------

Grégory Le Bras aka GaLiaRePt | http://www.Security-Corp.org

------------------------------------------------------------
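
The stored-XSS pattern described in this advisory, next to output encoding as a mitigation, shown as an added example (not part of the original advisory and not PY-Livredor's code). The array keys mirror the four form fields named above; the function names and the sample entry are hypothetical.

```php
<?php
// Added example, not PY-Livredor source. Keys mirror the form fields named
// in the advisory; all function names are hypothetical.

// Encode a value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: stored values are echoed as-is, so markup placed in
// any field is interpreted by every visitor's browser.
function render_entry_unsafe(array $e): string
{
    return "<h3>{$e['titre']}</h3>"
         . "<a href=\"mailto:{$e['email']}\">{$e['pseudo']}</a>"
         . "<p>{$e['message']}</p>";
}

// Hardened pattern: validate the e-mail, encode every field at output time.
function render_entry_safe(array $e): string
{
    $author = h($e['pseudo']);
    $email  = filter_var($e['email'], FILTER_VALIDATE_EMAIL);
    if ($email !== false) {
        // Valid addresses may still contain ' or &, so encode for the attribute.
        $author = '<a href="mailto:' . h($email) . '">' . $author . '</a>';
    }
    return '<h3>' . h($e['titre']) . '</h3>'
         . $author
         . '<p>' . nl2br(h($e['message'])) . '</p>';
}

// Constructed sample entry using the advisory's test string in the title.
$entry = [
    'titre'   => '<script>alert("Cookie="+document.cookie)</script>',
    'pseudo'  => 'visitor',
    'email'   => 'visitor@example.org',
    'message' => "first line\n<b>second line</b>",
];

echo render_entry_safe($entry), "\n";
// True when no live script tag survives in the hardened output.
var_dump(strpos(render_entry_safe($entry), '<script') === false);
```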
