Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Gadu-Gadu, another two bugs
From: lazy () server gwsh gda pl
Date: Mon, 20 Dec 2004 14:09:45 +0100

On Fri, Dec 17, 2004 at 11:23:38AM +0100, Jaroslaw Sajko wrote:
Product:      Gadu-Gadu, build 155 and older
Vendor:               SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
Impact:               Script execution in local zone,
              Remote DoS
Severity:     High
Authors:      Blazej Miga <bla () man poznan pl>,
              Jaroslaw Sajko <sloik () man poznan pl>
Date:         17/12/04
...
[DETAILS]

Bug 1.
Parsing error. We can send a malicious string which has an url inside.
This url can be a javascript code for example or reference to such a code.
Code will execute when the window with message pops up. Code will execute
in LOCAL ZONE! Works also with older versions.

Example:

Send such a string to any receipent:
www.po"style=background-image:url(javascript:document.write('%3cscript%3ealert%28%22you%20are%20owned!%22%29%3c%2fscript%3e'));".pl

tlen.pl - another polish IM was also vulunerable to Bug1
they fixed it in 5.23.4.2 and (as I was told) they now block it on the servers, but you can check it
locally on your own client

__
Regards,
Michal Grzedzicki

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]