[Full-Disclosure] Re: Gadu-Gadu, another two bugs
- To: Jaroslaw Sajko <sloik@xxxxxxxxxxxxx>
- Subject: [Full-Disclosure] Re: Gadu-Gadu, another two bugs
- From: lazy@xxxxxxxxxxxxxxxxxx
- Date: Mon, 20 Dec 2004 14:09:45 +0100
On Fri, Dec 17, 2004 at 11:23:38AM +0100, Jaroslaw Sajko wrote:
> Product: Gadu-Gadu, build 155 and older
> Vendor: SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
> Impact: Script execution in local zone,
> Remote DoS
> Severity: High
> Authors: Blazej Miga <bla@xxxxxxxxxxxxx>,
> Jaroslaw Sajko <sloik@xxxxxxxxxxxxx>
> Date: 17/12/04
...
> [DETAILS]
>
> Bug 1.
> Parsing error. We can send a malicious string which has a URL inside.
> This URL can be JavaScript code, for example, or a reference to such code.
> Code will execute when the window with message pops up. Code will execute
> in LOCAL ZONE! Works also with older versions.
>
> Example:
>
> Send such a string to any recipient:
> www.po"style=background-image:url(javascript:document.write('%3cscript%3ealert%28%22you%20are%20owned!%22%29%3c%2fscript%3e'));".pl
>
tlen.pl, another Polish IM, was also vulnerable to Bug 1.
They fixed it in 5.23.4.2 and (as I was told) they now block it on the servers,
but you can check it locally on your own client.
__
Regards,
Michal Grzedzicki
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
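
The quote-inside-a-URL pattern from Bug 1, as an added example that is not part of the original posts and is not code from either client. It assumes the message window renders HTML and auto-links text starting with `www.`; `linkifyNaive`, `linkifyHardened`, `anchorAttrs` and the sample string are hypothetical and constructed for illustration.

```javascript
// Assumed auto-link rule: "www." up to the next whitespace.
const URLISH = /\bwww\.\S+/g;
// Strict form a hardened renderer accepts as a link: hostname plus optional path.
const SAFE_URL = /^www\.[a-z0-9-]+(\.[a-z0-9-]+)+(\/[\w\-./?%&=+#~]*)?$/i;
// Constructed sample with the same shape as the advisory string (harmless style value).
const CONSTRUCTED = 'look: www.po"style=background:red".pl';

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Weak form: matched text is pasted into the href attribute unescaped,
// so a double quote in the message closes the attribute early.
function linkifyNaive(msg) {
  return msg.replace(URLISH, m => `<a href="http://${m}">${m}</a>`);
}

// Hardened form: escape all message text, and only build an anchor
// when the candidate matches the strict URL pattern.
function linkifyHardened(msg) {
  let out = '';
  let last = 0;
  for (const m of msg.matchAll(URLISH)) {
    const text = m[0];
    out += escapeHtml(msg.slice(last, m.index));
    out += SAFE_URL.test(text)
      ? `<a href="http://${escapeHtml(text)}">${escapeHtml(text)}</a>`
      : escapeHtml(text);
    last = m.index + text.length;
  }
  return out + escapeHtml(msg.slice(last));
}

// Check helper: attribute names an HTML parser would see on the first <a> tag.
function anchorAttrs(html) {
  const tag = /<a\s([^>]*)>/.exec(html);
  if (!tag) return [];
  const attr = /([a-z-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]*)/gi;
  return [...tag[1].matchAll(attr)].map(a => a[1].toLowerCase());
}

console.log(anchorAttrs(linkifyNaive(CONSTRUCTED)));    // extra attribute appears
console.log(anchorAttrs(linkifyHardened(CONSTRUCTED))); // no anchor is built
console.log(linkifyHardened(CONSTRUCTED));
```

A regression test for a message renderer can use the same check: after rendering untrusted text, no anchor may carry an attribute other than `href`.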