
ICQ WEB Portal multiple Cross Site Scripting vulnerability
--[ ICQ WEB Portal multiple Cross Site Scripting vulnerability ]--

Problem discovered: 19/09/2001
by Cabezon Aurélien | aurelien.cabezon@iSecureLabs.com |
http://www.iSecureLabs.com

--[ Overview ]--

The ICQ portal suffers from multiple Cross Site Scripting vulnerabilities.
http://www.icq.com

--[ Description ]--

ICQ web portal may inadvertently include malicious HTML tags or script in a
dynamically generated page based on unvalidated input from untrustworthy
sources.
This can be a problem when a web server does not adequately ensure that
generated pages are properly encoded to prevent unintended execution of
scripts, and when input from a form is not validated to prevent malicious
HTML from being presented to the user.

The search script http://search.icq.com/dirsearch.adp no longer checks
for malicious HTML or JavaScript code.

--[ Example 1 ]--
http://search.icq.com/dirsearch.adp?query=<h1>Hello
!</h1><script>alert('hello');</script>est&wh=is&users=1

Screenshots:
http://www.isecurelabs.com/advisory/icq1.jpg
http://www.isecurelabs.com/advisory/icq2.jpg

--[ Example 2 ]--
http://web.icq.com/foo/<script>alert('hello');</script>

Screenshots:
http://www.isecurelabs.com/advisory/icq3.jpg
http://www.isecurelabs.com/advisory/icq4.jpg


--[ Fix ]--

The ICQ team has been alerted.

--[ Information about CSS ]--

http://httpd.apache.org/info/css-security/apache_specific.html
http://www.cert.org/advisories/CA-2000-02.html

---
Cabezon Aurélien | aurelien.cabezon@iSecureLabs.com
http://www.iSecureLabs.com | French Security Portal
http://www.isecurelabs.com/advisory/icq-css.html
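
The output encoding that the Description section says is missing, shown as an added example that is not part of the original advisory or ICQ's code. The function names, page templates and placeholder hosts are assumptions; the inputs are constructed from the markup in the two examples.

```python
import html
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Constructed inputs modelled on the advisory's two examples; hosts are placeholders.
MARKUP = "<h1>Hello!</h1><script>alert('hello');</script>"
SEARCH_URL = "http://search.example/dirsearch.adp?query=" + quote(MARKUP) + "&wh=is&users=1"
PATH_URL = "http://web.example/foo/" + quote(MARKUP)


def _query_value(url):
    """Return the decoded 'query' parameter, or '' when absent."""
    return parse_qs(urlsplit(url).query).get("query", [""])[0]


def render_search_unencoded(url):
    """'Before': the decoded value is concatenated into the page as-is."""
    return "<p>Results for: " + _query_value(url) + "</p>"


def render_search(url):
    """'After': encode at output time, for both text and attribute context."""
    # quote=True also encodes " and ', so the value cannot close the attribute.
    safe = html.escape(_query_value(url), quote=True)
    return ('<form><input name="query" value="' + safe + '"></form>'
            "<p>Results for: " + safe + "</p>")


def render_not_found(url):
    """Error page that echoes the requested path (Example 2), encoded."""
    path = unquote(urlsplit(url).path)
    return "<p>Not found: " + html.escape(path, quote=True) + "</p>"


if __name__ == "__main__":
    print(render_search_unencoded(SEARCH_URL))
    print(render_search(SEARCH_URL))
    print(render_not_found(PATH_URL))
```

Encoding happens where the value is written into the page, so the same rule covers the query parameter and the request path.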