--[ ICQ WEB Portal multiple Cross Site Scripting vulnerabilities ]--

Problem discovered: 19/09/2001 by
Cabezon Aurélien | aurelien.cabezon@iSecureLabs.com | http://www.iSecureLabs.com

--[ Overview ]--

The ICQ portal suffers from multiple Cross Site Scripting vulnerabilities.
http://www.icq.com

--[ Description ]--

The ICQ web portal may inadvertently include malicious HTML tags or script
in a dynamically generated page based on unvalidated input from
untrustworthy sources. This can be a problem when a web server does not
adequately ensure that generated pages are properly encoded to prevent
unintended execution of scripts, and when input from a form is not
validated to prevent malicious HTML from being presented to the user.

The search script http://search.icq.com/dirsearch.adp no longer checks
for malicious HTML or JavaScript code.

--[ Example 1 ]--

http://search.icq.com/dirsearch.adp?query=<h1>Hello !</h1><script>alert('hello');</script>est&wh=is&users=1

Screen Shots :
http://www.isecurelabs.com/advisory/icq1.jpg
http://www.isecurelabs.com/advisory/icq2.jpg

--[ Example 2 ]--

http://web.icq.com/foo/<script>alert('hello');</script>

Screen Shots :
http://www.isecurelabs.com/advisory/icq3.jpg
http://www.isecurelabs.com/advisory/icq4.jpg

--[ Fix ]--

ICQ Team has been alerted

--[ Information about CSS ]--

http://httpd.apache.org/info/css-security/apache_specific.html
http://www.cert.org/advisories/CA-2000-02.html

---
Cabezon Aurélien | aurelien.cabezon@iSecureLabs.com
http://www.iSecureLabs.com | French Security Portal
http://www.isecurelabs.com/advisory/icq-css.html
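
The output encoding the Description calls for, as an added example (not part of the original advisory and not ICQ's code): the advisory's two example URLs are fed through a hypothetical page template with and without encoding, and an HTML parser reports which elements the input introduced. The template and all function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs, unquote

# Request URLs quoted in the advisory's two examples.
EXAMPLE_1 = ("http://search.icq.com/dirsearch.adp?query=<h1>Hello !</h1>"
             "<script>alert('hello');</script>est&wh=is&users=1")
EXAMPLE_2 = "http://web.icq.com/foo/<script>alert('hello');</script>"

def echoed_values(url):
    """Return the request parts a page may echo back: (path, 'query' value)."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True, separator="&")
    return unquote(parts.path), params.get("query", [""])[0]

def render(path, query, encode):
    """Hypothetical template. encode=False copies input into the page as-is,
    the behaviour the advisory describes; encode=True entity-encodes it."""
    if encode:
        # html.escape rewrites & < > " ' so the browser treats input as text.
        path, query = html.escape(path), html.escape(query)
    return f"<p>Results for: {query}</p><p>Requested: {path}</p>"

class _Tags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append(tag)

def tags_in(page):
    """List the elements an HTML parser finds in the generated page."""
    collector = _Tags()
    collector.feed(page)
    collector.close()
    return collector.seen

def injected_tags(url, encode):
    """Elements in the page beyond the template's own two <p> tags."""
    found = tags_in(render(*echoed_values(url), encode))
    for tag in ("p", "p"):
        found.remove(tag)
    return found

if __name__ == "__main__":
    for url in (EXAMPLE_1, EXAMPLE_2):
        print(injected_tags(url, encode=False), injected_tags(url, encode=True))
```

The same parser check can serve as a regression test: any element reported beyond the template's own means request input reached the page unencoded.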