Lucene search

K

asp-listpics-43-xss-vuln.txt

🗓️ 12 Jun 2006 00:00:00Reported by Donnie WernerType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 17 Views

ASPListpics 4.x XSS (Cross Site Scripting) vulnerabilit

Show more
Code
` - EXPL-A-2006-003 exploitlabs.com Retro Advisory 001 -  
  
- ASPListpics -  
  
  
  
  
RETRO-RELEASE DATE:  
===================  
Nov 11, 2004  
  
Duplicate Release: June 06, 2006  
by: r0t  
http://pridels.blogspot.com/2006/06/asp-listpics-43-xss-vuln.html  
http://secunia.com/advisories/20517/  
  
  
OVERVIEW  
========  
ASPListpics is a highly configurable ASP application that automatically  
generates fast thumbnail web indexes of images in a folder structure.  
  
  
  
AFFECTED PRODUCTS  
=================  
ASPListpics 4.x  
http://www.iisworks.com  
  
  
  
DETAILS  
=======  
1. XSS ( persistant )  
  
  
  
PROOF OF CONCEPT LINKS AND RETRO-POC  
=====================================  
1. XSS ( Cross Site Scripting )  
  
There is persistant XSS inclusion in the "comments"  
feature of ASPListpics in the following:  
  
field "name"  
field "comment"  
  
By embedding various types of XSS into the comment  
section, we are able to render javascript in the  
users browser.  
  
below is a simple PoC ( Proof of Concept )  
  
enter into the "comments" section malicious script.  
comment: ohno<iframe src="http://whatismyip.com"></iframe>ouch  
  
and is rendered as:  
HTTP://[VUNERABLEHOST]/listpics/listpics.asp?a=rate&ID=[PICID]&Info=<   
SCRIPTING HERE >9000|0  
  
  
  
CREDITS  
=======  
r0t - http://pridels.blogspot.com/2006/06/asp-listpics-43-xss-vuln.html  
  
  
  
RETRO-CREDITS  
=============  
This vulnerability was discovered and researched by  
Donnie Werner of exploitlabs. At the original time  
of discovery and retro-release date, the author was  
not aware of any other advisories or patches available.  
  
Retro-Advisories are released when either the same research  
is released by a 3rd party, old private research that is no longer  
active, or the product has been patched due to Vendor updates  
before a formal Exploitlabs advisory was released to the public.  
  
  
Donnie Werner  
[email protected]  
[email protected]  
  
--   
web: http://exploitlabs.com  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo