------------------------------------------------------------------ - EXPL-A-2003-024 exploitlabs.com Advisory 024 ------------------------------------------------------------------ -= ICQ Webfront =- Donnie Werner Sept 09 2003 exploitlabs.com Vunerability(s): ---------------- 1. Persistant Remote XSS note: this is not http://www.securiteam.com/windowsntfocus/5QP0N2K40I.html Product: -------- ICQ Webfront guestbook http://www.icq.com/hpf/ http://www.icq.com/hpf/download.html Description of product: ----------------------- The ICQ Web Front is a simple tool designed for creating your very own Web site, which communicates directly with your ICQ. The pages of your Web site are stored in your PC, and when you are online your PC acts as a mini server, which other ICQ users and the Internet community at large can connect to and view. The ICQ Web Front will enable other ICQ and Internet users to request a chat with you, send messages directly to your Contact List, view your personal details including your picture, and even download pre-defined files from your hard disk. VUNERABILITY / EXPLOIT ====================== http://[host]/guestbook.html message field is vuln to all xss issues to be stored for other visitors to have executed upon them as the page loads. ex 1: ----- dropping and executing a .exe of the attackers choice on vunerable browsers ala eeye or malware's mad teknikz who says you cant root via the XSS !!! ex 2: ----- cookie grabbin' ex 3: ----- remote frame content inclusion etc etc etc... Local: ------ yeh, sabotage your visitors Remote: ------- yeh, visitors/attackers sabotage you and visitors Vendor Fix: ----------- No fix on 0day Vendor Contact: --------------- Concurrent with this advisory security@icq.com Credits: -------- Donnie Werner morning_wood@e2-labs.com http://e2-labs.com http://nothackers.org Original advisory may be found at http://exploitlabs.com/files/advisories/EXPL-A-2003-024-icq-webfront.txt