5th Aug 2002 [SBWID-5596]
COMMAND
MSN Groups makes cross site scripting easy
SYSTEMS AFFECTED
As of 28 Jun 2002 this exploit still works.
PROBLEM
Obscure of eyeonsecurity.net
[http://eyeonsecurity.net/advisories/msngroups] says :
My Groups is a list of links to all the MSN groups that you have
created, joined, or marked as interesting places to visit again. When
you are signed in with your Microsoft .NET Passport, your My Groups
list can be viewed:
o On the MSN People & Chat page.
o On the MSN Groups home page.
o When you click My Groups near the upper-left corner of any MSN
Groups page.
Groups that you join or create are automatically added to your My
Groups list. You can also add groups you like to visit by clicking Add
to Groups I Visit on the What's New page of the group.
Groups.MSN.com allows any member to upload any files and share them with
others. This means that malicious users can upload files which can
contain Active Content such as JavaScript and VBScript. Some of these
file types include:
o HTML
o SWF
o maybe a lot more file types.
Exploit Examples:
http://groups.msn.com/eyeonsecurity/page.msnw
Before accessing this page you will be asked to authenticate. I put up
2 examples:
b33p.html
c00kie.swf (check out http://eyeonsecurity.net/papers for more info)
Both of these examples popup an alert with the cookie data.
You may also link to these from Hotmail by sending an e-mail as
demonstrated on "Demo 3":
http://eyeonsecurity.net/advisories/flash-demo/
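The server-side check a site hosting member uploads would want here, given as an added example that is not the advisory's code and not MSN's: it classifies an upload as active content (HTML or SWF) by inspecting its bytes rather than trusting the extension or the declared type, and puts the vulnerable response (the file served inline under the uploader's chosen type, on the same origin that carries the session cookie, which is the situation the advisory describes) beside a hardened one that forces a download for anything active. The sample payloads, the inline allowlist and the host name are constructed for this example; the real b33p.html and c00kie.swf are only described above, not reproduced.

```javascript
// Added example, not code from the advisory or from MSN Groups.
// Decide how a stored user upload may be served so that HTML or SWF it
// contains cannot execute with the hosting site's cookies.

// Magic bytes of Flash movies: uncompressed, zlib- and LZMA-compressed.
const SWF_MAGIC = ['FWS', 'CWS', 'ZWS'];

// Markers that make a browser (particularly one that sniffs content)
// treat a response as scriptable HTML, whatever the extension claims.
const HTML_MARKERS = [
  '<script', '<html', '<body', '<iframe', '<object', '<embed',
  '<svg', 'javascript:', 'onload=', 'onerror=',
];

// Types that may be rendered inline at all (assumed allowlist for the example).
const INLINE_TYPES = new Set(['image/png', 'image/jpeg', 'image/gif', 'text/plain']);

// Classify by looking at the first bytes, never at the declared type.
function isActiveContent(bytes) {
  const head = Buffer.from(bytes).subarray(0, 4096);
  if (SWF_MAGIC.includes(head.subarray(0, 3).toString('latin1'))) return true;
  const text = head.toString('latin1').toLowerCase();
  return HTML_MARKERS.some((marker) => text.includes(marker));
}

// Response headers for a stored upload.
//  hardened=false: the advisory's situation, the file is served inline under
//                  the type the uploader picked, so HTML/SWF runs as the site.
//  hardened=true:  inline only for allowlisted types that do not look active;
//                  everything else is forced to download as opaque bytes.
function responseHeadersFor(filename, declaredType, bytes, hardened) {
  // Strip anything that could break out of the quoted header value.
  const safeName = filename.replace(/[^\w.-]/g, '_');
  if (!hardened) {
    return { 'Content-Type': declaredType };
  }
  const renderInline = INLINE_TYPES.has(declaredType) && !isActiveContent(bytes);
  return {
    'Content-Type': renderInline ? declaredType : 'application/octet-stream',
    'X-Content-Type-Options': 'nosniff',
    'Content-Disposition': `${renderInline ? 'inline' : 'attachment'}; filename="${safeName}"`,
  };
}

// Constructed samples (not the advisory's files): a cookie-popping page,
// a minimal SWF header, and a PNG signature.
const SAMPLE_HTML = Buffer.from('<html><script>alert(document.cookie)</script></html>');
const SAMPLE_SWF = Buffer.concat([Buffer.from('FWS'), Buffer.from([6, 0, 0, 0, 0])]);
const SAMPLE_PNG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

// Same upload, both ways.
console.log(responseHeadersFor('b33p.html', 'text/html', SAMPLE_HTML, false));
console.log(responseHeadersFor('b33p.html', 'text/html', SAMPLE_HTML, true));
console.log(responseHeadersFor('c00kie.swf', 'application/x-shockwave-flash', SAMPLE_SWF, true));
```

Forcing a download only removes script execution in the hosting origin; the other half of the fix is to serve member content from a separate host that never receives the Passport or session cookie, so that even a file the classifier misses cannot read them. The X-Content-Type-Options header did not exist in 2002 (it arrived with IE8); Content-Disposition: attachment (RFC 2183) did, and is the part that would have addressed the advisory's demos.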
SOLUTION
?