[27072] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Lycos HTMLGear Guestbook Script Injection Vulnerability

daemon@ATHENA.MIT.EDU (Matthew Murphy)
Wed Sep 18 02:44:54 2002

Message-ID: <007a01c25c3b$b6a52fa0$e62d1c41@kc.rr.com>
From: "Matthew Murphy" <mattmurphy@kc.rr.com>
To: "VulnDiscuss" <vulndiscuss@vulnwatch.org>,
        "VulnWatch" <vulnwatch@vulnwatch.org>,
        "Vuln-Dev" <vuln-dev@securityfocus.com>,
        "SecurITeam News" <news@securiteam.com>,
        "BugTraq" <bugtraq@securityfocus.com>
Date: Sat, 14 Sep 2002 17:11:44 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Lycos offers several advanced web applications through a service called
HTMLGear.  Among the services offered are guestbooks.  A vulnerability
exists in the Lycos guestbook that could enable someone to launch an attack
against visitors whose browsers supported inline CSS (IE, for example).

By specifying an e-mail address/web page URL like the following:

" STYLE="expression([javascript])

The JavaScript block will execute.  Some less-paranoid versions of the
guestbook also allow a typical IMG attack:

<IMG SRC="javascript:[javascript]">

This will yield the same results in many cases.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[27072] in bugtraq

Lycos HTMLGear Guestbook Script Injection Vulnerability

daemon@ATHENA.MIT.EDU (Matthew Murphy)Wed Sep 18 02:44:54 2002

daemon@ATHENA.MIT.EDU (Matthew Murphy)
Wed Sep 18 02:44:54 2002