Bugtraq mailing list archives
Another Faq-O-Matic XSS Vuln?
From: "BrainRawt ." <brainrawt () hotmail com>
Date: Fri, 19 Apr 2002 23:03:49 +0000
Another Faq-O-Matic XSS Vuln?
-----------------------------
I have seen other XSS advisories on bugtraq and securityfocus for Faq-O-Matic,
but I have not seen an advisory for this particular vulnerability.

Faq-O-Matic XSS (cross site scripting) Vulnerability
Discovered By BrainRawt (http://rawt.daemon.sh)

About Faq-O-Matic:
------------------
The Faq-O-Matic is a CGI-based system that automates the process of maintaining a FAQ (or Frequently Asked Questions list). It allows visitors to your FAQ to take part in keeping it up-to-date.
Faq-O-Matic can be downloaded @ http://sourceforge.net/projects/faqomatic

Vulnerable (tested) Versions:
-----------------------------
Faq-O-Matic 2.712
Faq-O-Matic 2.711

Vendor Contact:
---------------
4-19-02 - An email was sent to jonhowell at users.sourceforge.net discussing this issue.
4-19-02 - An email was received from Jon Howell claiming that this vulnerability and others have been fixed in the current CVS tree, which hasn't been released yet.

NOTE: Jon seems like a great guy and, as you can see by the date, replied to my email VERY quickly. Thanks a lot Jon for your quick reply and I hope to see that new CVS tree released soon.

Vulnerability:
--------------
Faq-O-Matic's fom.cgi improperly filters the "file" parameter, which any visitor to the site can set in the URL. If no file by that name exists, the script writes the parameter value back into its error page without HTML-escaping it. A malicious visitor can therefore replace the original "file" value with a string containing JavaScript, which then runs in the browser of anyone who follows the crafted link, in the security context of the site hosting the FAQ. This can be used for anything from redirecting the victim's browser to stealing the site's cookies.

Exploit (POC):
--------------
http://www.target.net/path_to_Faq-O-Matic/fom?file=<script>alert('If+this+script+was+modified,+it+could+easily+steal+amigadev.net+cookies+and+log+them+to+a+remote+location')</script>&step

--------------------------------------------------------------------------
Which Looks Better? BlackHat or White? You Decide!
- BrainRawt
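The reflection the advisory describes, as an added example that is not Faq-O-Matic's own Perl code: a minimal CGI-style handler builds the "file not found" page for a hypothetical FAQ script, first the way the advisory describes (the unknown "file" value pasted into the HTML raw) and then hardened by escaping at the point of output. The host, script path, item store and the shortened alert text are constructed placeholders; the request is decoded the way a CGI library would, so the `+` in the PoC URL becomes a space before the value ever reaches the page.

```python
"""Reflected XSS via an unescaped 'file not found' message (added example)."""
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed PoC request modelled on the advisory's URL. The host, path and
# alert text are placeholders, not a real installation.
POC_URL = ("http://www.target.net/path_to_Faq-O-Matic/fom"
           "?file=<script>alert('cookie+theft')</script>&step")

# Constructed stand-in for the FAQ's item store: the only names that exist.
KNOWN_FILES = {"1", "2", "faq"}


def file_param(url):
    """Extract the 'file' query parameter as a CGI library would:
    percent-decode it and turn '+' into spaces."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("file", [""])[0]


def not_found_page_vulnerable(name):
    """Mimics the flaw: the unknown file name is written into the HTML as-is,
    so any markup the visitor put in the URL becomes part of the page."""
    if name in KNOWN_FILES:
        return "<html><body>(item body)</body></html>"
    return f"<html><body>Can't find file {name}.</body></html>"


def not_found_page_fixed(name):
    """Hardened: HTML-escape the value where it is interpolated into output.
    Escaping belongs at the output site, not on input, so that the same
    value can still be used safely as a filename or logged verbatim."""
    if name in KNOWN_FILES:
        return "<html><body>(item body)</body></html>"
    safe = escape(name, quote=True)
    return f"<html><body>Can't find file {safe}.</body></html>"


def injects_script(page):
    """Crude check: does a literal <script> tag survive into the output?"""
    return "<script>" in page.lower()


if __name__ == "__main__":
    name = file_param(POC_URL)
    print("decoded parameter:", name)
    print("vulnerable page:  ", not_found_page_vulnerable(name))
    print("fixed page:       ", not_found_page_fixed(name))
```

Both handlers behave identically for names that exist; only the error path differs, which is typical of this bug class, where the vulnerable output is a rarely-exercised diagnostic rather than the main page template.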