SecurityTracker.com
SecurityTracker Archives

Category:   Application (Generic)  >   Guest Gear
Vendors:   Lycos
(Vendor Issues Fix) Re: Lycos HTML Gear 'Guest Gear' Web Site Guestbook Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks Against Guest Gear Users
SecurityTracker Alert ID:  1005304
SecurityTracker URL:  http://securitytracker.com/id/1005304
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 27 2002
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   An input validation vulnerability was reported in the Lycos HTML Gear 'Guest Gear' guestbook service. A remote user can conduct cross-site scripting attacks against users of web sites that implement the Guest Gear service.

It is reported that a remote user can supply an e-mail address or web page URL to the Guest Gear function so that when a target user views the guestbook entry, arbitrary scripting code will be executed by the target user's browser. The code will originate from the site using Guest Gear and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit is provided:

" STYLE="expression([javascript])

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with a site using Guest Gear, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   The vendor reports that effective in the 9/25/02 release of HTMLGear, the vulnerability has been fixed. Also, all new guestbooks now default to the "simple tags" security level.
Vendor URL:  htmlgear.lycos.com/specs/pro/guest.html
Cause:   Input validation error
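An added illustration in Python (not Lycos's code and not part of the advisory) of the failure mode described above and of one hardened rendering: the e-mail and URL fields are allowlisted and then attribute-escaped before being placed in href values, and a small parser reports which attributes each rendering actually hands to the browser. The function names and sample values are constructed for this example.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample input shaped like the payload quoted in the advisory: a quote
# closes the href value, then an IE-only STYLE="expression(...)" attribute follows.
PAYLOAD = '" STYLE="expression([javascript])'

def render_vulnerable(name, email, url):
    # Pre-fix behaviour as modelled here: fields pasted straight into attribute values.
    return f'<a href="mailto:{email}">{name}</a> <a href="{url}">home</a>'

_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def clean_email(value):
    # Allowlist: only a plain address survives; a quote or a space fails the pattern.
    value = value.strip()
    return value if _EMAIL_RE.fullmatch(value) else None

def clean_url(value):
    # Allowlist the scheme so javascript:/data: URLs and bare text are dropped.
    parts = urlsplit(value.strip())
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return value.strip()

def render_hardened(name, email, url):
    # Allowlist first, then escape: html.escape(quote=True) turns " into &quot;,
    # so a field can no longer close its attribute and append another one.
    email, url = clean_email(email), clean_url(url)
    out = [html.escape(name)]
    if email:
        out.append(f'<a href="mailto:{html.escape(email, quote=True)}">e-mail</a>')
    if url:
        out.append(f'<a href="{html.escape(url, quote=True)}">home</a>')
    return " ".join(out)

class _AnchorAttrs(HTMLParser):
    # Collects attribute names of every <a> tag: what a browser would actually act on.
    def __init__(self):
        super().__init__()
        self.names = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.names.extend(name for name, _ in attrs)

def anchor_attribute_names(fragment):
    parser = _AnchorAttrs()
    parser.feed(fragment)
    return parser.names
```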

Message History:   This archive entry is a follow-up to the message listed below.
Sep 15 2002 Lycos HTML Gear 'Guest Gear' Web Site Guestbook Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks Against Guest Gear Users

Source Message Contents

Subject:  [VulnWatch] BugTraq ID: 5728



Due to a bug in the content filtering engine of HTMLGear's "GuestGear"
application, it was possible for a malicious user to inject arbitrary
JavaScript into a guestbook page, in some browsers. (Various versions of
Internet Explorer were affected; however, Netscape/Mozilla browsers were not.)
This bug existed under all guestbook security settings.

Effective in the 9/25/02 release of HTMLGear, this security vulnerability has
been fixed.  Additionally, all new guestbooks will now default to the "simple
tags" security level. (Previously, the default was to use the less secure mode
by default.) 

---
Bobby Dominguez
Terra Lycos, Inc.
Information Security Manager, US
Voice: 781-370-2989
Fax:   781-370-2650

