UPDATE 20 sep 2005 :
VERSION AFECTED: Spymac v4
#########################################################
Multiple variable XSS in Spymac Web Os v4.0
vendor url:http://www.spymac.com/
Advisory:http://lostmon.blogspot.com/2005/09/
multiple-variable-xss-in-spymac-web-os.html
Vendor notified : yes exploit avaible : yes
OSVDB ID:19613
Securitytracker:1014928
#########################################################
Spymac is powered by an integrated collection of applications
(developed in-house)that together form "Spymac WOS". Spymac
WOS is an intelligent environment featuring patent-pending
technology that allows for the creation of an immersive and
visually-stunning Web experience.
Spymac flaw that allows a remote cross site scripting attack.
This flaw exists because the application does not validate some
variables upon submission to some scripts.This could allow a user
to create a specially crafted URL that would execute arbitrary
code in a user's browser within the trust relationship between the
browser and the server,leading to a loss of integrity.
############
version afected
############
Spymac web os v4
Spymac Web Os 3.0 beta 190
#########
Solution
#########
No solution was available at this time.
##########
timeline
##########
Discovered : 17 sep 2005
Vendor notify: 17 sep 2005
Vendor response:
Disclosure :17 sep 2005
Public disclosure:17 sep 2005
############
Examples
############
http://[victim]/forums/showthread.php?threadid=195681[XSS-CODE]
http://[victim]/forums/showthread.php?threadid=195805&postid=3579278[XSS-CODE]#post_3579278
http://[victim]/forums/showthread.php?threadid=195605&curr=0[XSS-CODE]
########################### €nd ############################
Thnx to estrella to be my ligth.
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
Subscribe to:
Posts (Atom)