[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] XSS in "Spyware installs with no interaction in IE on fully patchedXP SP2 box"

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] XSS in "Spyware installs with no interaction in IE on fully patchedXP SP2 box"
From: jamie fisher <contact_jamie_fisher@xxxxxxxxxxx>
Date: Mon, 4 Oct 2004 20:37:13 +0100 (BST)

"'>&view=date&page=&cat=&name=blue+biohazard.zip">http://themexp.org//preview.php?mid=72936&type=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;poo%26quot;)>&view=date&page=&cat=&name=blue+biohazard.zip

Above is a measly example of XSS - upload any file you like if you want to the 
site with XSS; seems to be open to all sorts - but I just spidered the web app 
and there appears to be quite a number of scripts that are pushing the 
applications down your wire...  Not 100% sure but I'd guess that since this is 
seems to be the sort of site people would visit to get their windows wares it 
stands to reason that someone would upload a file like in the example above in 
order to do...  I haven't had the opportunity to see where the .cab is being 
pushed from - whether on site or off.  Would it be worth investigating?

Cheers

Willem Koenings <isec@xxxxxxxxxx> wrote:

hi, 

> > I was unable to verify it, since I don't use IE, and would prefer not 
> > infecting myself on accident, however I did run across this: 
> > 
> > http://themexp.org/about_wrap.php 
> > 
> > Perhaps one of the themes you downloaded was bundled with the spyware? 
> 
> two tiny links from there: 
> 
> http://WWW.addictivetechnologies.net/dm0/js/Confirm80wu03rd.js 
> http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab 

btw, old trusty IE 5.01 + manually configured security settings =
no problem at all. either XP+SP2 broke seriously something in IE
or Geraldo Rivera has just poorly configured internet setting.

W.
-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

---------------------------------
 ALL-NEW Yahoo! Messenger - all new features - even more fun!

References:
- Re: [Full-Disclosure] Spyware installs with no interaction in IE on fully patchedXP SP2 box
  - From: Willem Koenings

Prev by Date: Re: [Full-Disclosure] Shows when no limits are set or restricted shell or bat access
Next by Date: Re: Re[2]: [Full-Disclosure] All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]
Previous by thread: Re: [Full-Disclosure] Spyware installs with no interaction in IE on fully patchedXP SP2 box
Next by thread: [Full-Disclosure] [ GLSA 200410-02 ] Netpbm: Multiple temporary file issues
Index(es):
- Date
- Thread