[22690] in bugtraq
ICQ WEB Portal multiple Cross Site Scripting vulnerability
daemon@ATHENA.MIT.EDU (acz [iSecureLabs])
Thu Sep 20 12:41:44 2001
From: "acz [iSecureLabs]" <aurelien.cabezon@iSecureLabs.com>
To: <Bugtraq@securityfocus.com>
Cc: <vulnwatch@vulnwach.org>
Date: Mon, 20 Sep 1999 12:30:29 +0200
Message-ID: <GCEDJILAIFDLIEDHEIMPKEEHCMAA.aurelien.cabezon@iSecureLabs.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
In-Reply-To: <200109192130.f8JLUgj15852@bolo.sytes.net>
--[ ICQ WEB Portal multiple Cross Site Scripting vulnerability ]--
Problem discovered: 19/09/2001
by Cabezon Aurélien | aurelien.cabezon@iSecureLabs.com |
http://www.iSecureLabs.com
--[ Overview ]--
The icq portal suffer from multiple Cross Site Scripting Vulnerability.
http://www.icq.com
-- [ Description ]--
ICQ web portal may inadvertently include malicious HTML tags or script in a
dynamically generated page based on unvalidated input from untrustworthy
sources.
This can be a problem when a web server does not adequately ensure that
generated pages are properly encoded to prevent unintended execution of
scripts, and when input from a form is not validated to prevent malicious
HTML from being presented to the user.
This search script http://search.icq.com/dirsearch.adp does not check
anymore for malicious HTML or Java Script code.
--[ Exemple 1 ]--
http://search.icq.com/dirsearch.adp?query=<h1>Hello
!</h1><script>alert('hello');</script>est&wh=is&users=1
Screen Shots :
http://www.isecurelabs.com/advisory/icq1.jpg
http://www.isecurelabs.com/advisory/icq2.jpg
--[ Exemple 2 ]--
http://web.icq.com/foo/<script>alert('hello');</script>
Screen Shots :
http://www.isecurelabs.com/advisory/icq3.jpg
http://www.isecurelabs.com/advisory/icq4.jpg
--[ Fix ]--
ICQ Team has been alerted
--[ Informations about CSS ]--
http://httpd.apache.org/info/css-security/apache_specific.html
http://www.cert.org/advisories/CA-2000-02.html
---
Cabezon Aurélien | aurelien.cabezon@iSecureLabs.com
http://www.iSecureLabs.com | French Security Portal
http://www.isecurelabs.com/advisory/icq-css.html
