{"id": "SECURITYVULNS:DOC:6326", "bulletinFamily": "software", "title": "[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability", "description": "ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability\r\n\r\nRelease Date:\r\nJune 9, 2004\r\n\r\nSeverity:\r\nMedium\r\n\r\nVendor:\r\nAspDotNetStorefront.com A Division of Discovery Productions, Inc.\r\n\r\nSoftware:\r\nTested on AspDotNetStorefront 3.3 \r\nPrevious versions may also be affected.\r\n\r\nRemote:\r\nRemotely executed from any web browser\r\n\r\nTechnical Details:\r\nThe malicious user is able to compromise the hidden field ReturnURL to\r\ninvoke a Cross-Site Scripting attack. This can be used to take advantage of\r\nthe trust between a client and server allowing the malicious user to execute\r\nmalicious JavaScript on the clients machine.\r\n\r\n\r\nExamples:\r\n\r\nhttp://www.victimsite.com/aspdotnetcart/admin/signin.aspx?returnurl=1"style=\r\n"background:url(javascript:alert('Vulnerable_To_XSS'))"%20"\r\n\r\nhttp://www.victimsite.com/aspdotnetcart/admin/signin.aspx?returnurl=--><scri\r\npt>alert('Vulnerable_To_XSS')</script>\r\n\r\nhttp://www.victimsite.com/aspdotnetcart/admin/signin.aspx?returnurl=>"><scri\r\npt>alert("Vulnerable_To_XSS")</script>\r\n\r\nhttp://www.victimsite.com/aspdotnetcart/admin/signin.aspx?returnurl=>"'><img\r\n%20src="javascript:alert('Vulnerable_To_XSS')">\r\n\r\n\r\nVendor Status:\r\nUpdates are available for customers to download.\r\nVendor was provided a list of vulnerabilities on June 5th.\r\nApplication was fixed by June 6th.\r\nhttp://www.aspdotnetstorefront.com\r\n\r\n\r\nCredit:\r\nDiscovered By: Thomas Ryan\r\nProvide Security\r\n\r\nCopyright (c) 2004 Provide Security\r\nPermission is hereby granted for the redistribution of this alert\r\nelectronically. It is not to be edited in any way without the expressed\r\nwritten consent of Provide Security. If you wish to reprint the whole or any\r\npart of this advisory in any other medium excluding electronic medium,\r\nplease email secalert@providesecurity.com for permission.\r\n\r\nDisclaimer\r\nThe information within this paper may change without notice. Use of this\r\ninformation constitutes acceptance for use in an AS IS condition. There are\r\nno warranties, implied or express, with regard to this information. In no\r\nevent shall the author be liable for any direct or indirect damages\r\nwhatsoever arising out of or in connection with the use or spread of this\r\ninformation. Any use of this information is at the user's own risk.\r\n\r\n", "published": "2004-06-10T00:00:00", "modified": "2004-06-10T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6326", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:10", "edition": 1, "viewCount": 1, "enchantments": {"score": {"value": 1.8, "vector": "NONE", "modified": "2018-08-31T11:10:10", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB2880833", "KB2746164", "KB953334", "KB2874216", "KB981401", "KB983509", "KB2425179", "KB2510690", "KB2501721", "KB2785908"]}, {"type": "threatpost", "idList": ["THREATPOST:F3563336B135A1D7C1251AE54FDC6286"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2164.NASL", "FREEBSD_PKG_D887B3D9736611EAB81A001CC0382B2F.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892164"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2164-1:52F3C"]}], "modified": "2018-08-31T11:10:10", "rev": 2}, "vulnersScore": 1.8}, "affectedSoftware": [], "immutableFields": []}

{"rst": [{"lastseen": "2021-04-12T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **96[.]249.236.156** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **1**.\n First seen: 2020-09-22T03:00:00, Last seen: 2021-04-12T03:00:00.\n IOC tags: **generic**.\nASN 701: (First IP 96.249.208.0, Last IP 96.250.255.255).\nASN Name \"UUNET\" and Organisation \"MCI Communications Services Inc dba Verizon Business\".\nASN hosts 198782 domains.\nGEO IP information: City \"Virginia Beach\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-09-22T00:00:00", "id": "RST:BD7FEE3B-6326-3D0B-99CE-8A1248EEEBE0", "href": "", "published": "2021-04-14T00:00:00", "title": "RST Threat feed. IOC: 96.249.236.156", "type": "rst", "cvss": {}}, {"lastseen": "2021-04-10T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **naviguationprivefr[.]gq** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-08-13T03:00:00, Last seen: 2021-04-10T03:00:00.\n IOC tags: **malware**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-08-13T00:00:00", "id": "RST:CEEFDE0B-6326-3583-BE35-3C48139D19D1", "href": "", "published": "2021-04-12T00:00:00", "title": "RST Threat feed. IOC: naviguationprivefr.gq", "type": "rst", "cvss": {}}, {"lastseen": "2021-04-10T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **104syllabi[.]dailyspecialzz.info** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-11-02T03:00:00, Last seen: 2021-04-10T03:00:00.\n IOC tags: **malware**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-11-02T00:00:00", "id": "RST:F44EC0AA-6326-3561-BCE1-8E4708854B4A", "href": "", "published": "2021-04-12T00:00:00", "title": "RST Threat feed. IOC: 104syllabi.dailyspecialzz.info", "type": "rst", "cvss": {}}, {"lastseen": "2021-04-08T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **101[.]37.30.196** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **10**.\n First seen: 2021-04-08T03:00:00, Last seen: 2021-04-08T03:00:00.\n IOC tags: **generic**.\nASN 37963: (First IP 101.37.0.0, Last IP 101.37.255.255).\nASN Name \"CNNICALIBABACNNETAP\" and Organisation \"Hangzhou Alibaba Advertising CoLtd\".\nASN hosts 2769895 domains.\nGEO IP information: City \"\", Country \"China\".\nIOC could be a **False Positive** (Cloud provider IP).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-04-08T00:00:00", "id": "RST:2070BD91-6326-39E5-8D1D-808D0E6CBF1F", "href": "", "published": "2021-04-08T00:00:00", "title": "RST Threat feed. IOC: 101.37.30.196", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-25T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **41[.]210.145.59** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **39**.\n First seen: 2021-03-18T03:00:00, Last seen: 2021-03-25T03:00:00.\n IOC tags: **generic**.\nASN 20294: (First IP 41.210.142.0, Last IP 41.210.147.255).\nASN Name \"MTN\" and Organisation \"\".\nASN hosts 45 domains.\nGEO IP information: City \"Kampala\", Country \"Uganda\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-03-18T00:00:00", "id": "RST:8B8F47BD-6326-37E0-BDFF-D0DEEB0BC034", "href": "", "published": "2021-03-26T00:00:00", "title": "RST Threat feed. IOC: 41.210.145.59", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-12T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **https://dhlgpi[.]com/0469026f40364f0** in [RST Threat Feed](https://rstcloud.net/profeed) with score **65**.\n First seen: 2021-03-12T03:00:00, Last seen: 2021-03-12T03:00:00.\n IOC tags: **phishing**.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-03-12T00:00:00", "id": "RST:7346048D-6326-325A-9C3A-D195E27BC69D", "href": "", "published": "2021-03-12T00:00:00", "title": "RST Threat feed. IOC: https://dhlgpi.com/0469026f40364f0", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-05T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **172[.]97.155.191** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **41**.\n First seen: 2021-03-01T03:00:00, Last seen: 2021-03-05T03:00:00.\n IOC tags: **generic**.\nASN 11814: (First IP 172.97.128.0, Last IP 172.97.255.255).\nASN Name \"DISTRIBUTELAS11814\" and Organisation \"DISTRIBUTEL COMMUNICATIONS LTD\".\nASN hosts 1172 domains.\nGEO IP information: City \"Toronto\", Country \"Canada\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-03-01T00:00:00", "id": "RST:43E378C9-6326-3E2F-BE80-D3ED4862EDF2", "href": "", "published": "2021-03-11T00:00:00", "title": "RST Threat feed. IOC: 172.97.155.191", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-11T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **112[.]210.156.180** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-03-11T03:00:00, Last seen: 2021-03-11T03:00:00.\n IOC tags: **generic**.\nASN 9299: (First IP 112.210.0.0, Last IP 112.210.191.255).\nASN Name \"IPGASAP\" and Organisation \"Philippine Long Distance Telephone Company\".\nASN hosts 2109 domains.\nGEO IP information: City \"Manila\", Country \"Philippines\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-03-11T00:00:00", "id": "RST:5F16103D-6326-32AC-B14A-93E487B9250E", "href": "", "published": "2021-03-11T00:00:00", "title": "RST Threat feed. IOC: 112.210.156.180", "type": "rst", "cvss": {}}, {"lastseen": "2021-03-11T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **8[.]47.15.115** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **10**.\n First seen: 2021-03-11T03:00:00, Last seen: 2021-03-11T03:00:00.\n IOC tags: **generic**.\nASN 13335: (First IP 8.47.12.0, Last IP 8.47.15.255).\nASN Name \"CLOUDFLARENET\" and Organisation \"Cloudflare Inc\".\nThis IP is a part of \"**cloudflare**\" address pools.\nASN hosts 39676712 domains.\nGEO IP information: City \"\", Country \"United States\".\nIOC could be a **False Positive** (Cloud provider IP).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-03-11T00:00:00", "id": "RST:0E8B2584-6326-3C5C-8EA6-3151907D9ECB", "href": "", "published": "2021-03-11T00:00:00", "title": "RST Threat feed. IOC: 8.47.15.115", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **157[.]90.18.74** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **10**.\n First seen: 2021-02-19T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **generic**.\nASN 24940: (First IP 157.90.0.0, Last IP 157.90.255.255).\nASN Name \"HETZNERAS\" and Organisation \"\".\nThis IP is a part of \"**hetzner**\" address pools.\nASN hosts 5191619 domains.\nGEO IP information: City \"\", Country \"Germany\".\nIOC could be a **False Positive** (Cloud provider IP).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-19T00:00:00", "id": "RST:733E8B1E-6326-398E-87CC-B370BCABD352", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 157.90.18.74", "type": "rst", "cvss": {}}]}