##########################################################
Multiple Cross site scripting in Spymac WOS v
Vendor url: http://www.spymac.com/network.php?p=wos
Advisory: http://lostmon.blogspot.com/2006/05/multiple-cross-site-scripting-in.html
Vendor notify: yes
Exploit available: yes
##########################################################

Spymac WOS is powered by an integrated collection of Web and desktop applications that together form "Spymac WOS". Developed in-house, Spymac WOS is an intelligent environment featuring patent-pending technology that allows for the creation of an immersive and visually-stunning Web experience.

Spymac WOS has a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to multiple scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

#######################
Versions
#######################

Spymac WOS V

########################
Solution:
########################

No solution was available at this time.

########################
Examples
########################

Viewing some of the examples requires a client login.

http://[VICTIM]/notes/index.php?action=delete_folder&del_folder=[XSS-CODE]
http://[VICTIM]/notes/index.php?action=empty_trash[XSS-CODE]
http://[VICTIM]/ipod/get_ipod.php?curr=10[XSS-CODE]
http://[VICTIM]/notes/index.php?action=noteform&nick=Lostmon[XSS-CODE]
http://[VICTIM]/login.php?[XSS-CODE]

Some other variables are susceptible to the same flaw.

########################
TIMELINE
########################

Discovered: 02-05-2006
Vendor notify: 14-05-2006
Vendor response: -------------
Disclosure: 17-05-2006

########################
End
#####################

Thanks to Estrella for being my light.
--
Sincerely: Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
Curiosity is what moves the mind....
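The advisory states that the scripts reflect unvalidated query variables into the page and that no vendor fix exists. As an added example (editor's illustration, not Spymac code and not the author's), the PHP below shows the general pattern behind such a reflected XSS beside a hardened form. The parameter names `action` and `del_folder` are taken from the advisory's first URL; the surrounding markup, the list of accepted actions and the folder-name pattern are constructed assumptions for illustration.

```php
<?php
// Added example, not Spymac WOS code. Parameter names follow the advisory's
// notes/index.php URL; the accepted-action list and folder pattern are assumed.

// Weak form: the query values are echoed straight into the HTML, so any markup
// that arrives in the URL is rendered by the browser of whoever opens the link.
function render_status_unsafe(array $get): string
{
    $action = $get['action'] ?? '';
    $folder = $get['del_folder'] ?? '';
    return "<p>Action '" . $action . "' on folder '" . $folder . "'</p>";
}

// HTML-encode a value for placement inside element content or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hardened form: accept only the actions the script actually handles, restrict
// the folder name to a safe character set, and encode everything on output.
function render_status_safe(array $get): string
{
    // Assumed set of actions for this script (constructed for the example).
    $known_actions = ['delete_folder', 'empty_trash', 'noteform'];

    $action = $get['action'] ?? '';
    if (!in_array($action, $known_actions, true)) {
        // Unknown action: never reflect the caller-supplied value back.
        return '<p>Unknown action</p>';
    }

    // Whitelist the folder name; the pattern is an assumption for this example.
    $folder = $get['del_folder'] ?? '';
    if ($folder !== '' && !preg_match('/^[A-Za-z0-9_-]{1,64}$/', $folder)) {
        return '<p>Invalid folder name</p>';
    }

    // Even values that passed validation are encoded: validation and output
    // encoding are independent layers, and either one alone is easy to get wrong.
    return "<p>Action '" . h($action) . "' on folder '" . h($folder) . "'</p>";
}

// Constructed request with a harmless markup marker in place of a real payload.
$request = ['action' => 'delete_folder', 'del_folder' => '<b>marker</b>'];

echo render_status_unsafe($request), PHP_EOL; // marker is rendered as live markup
echo render_status_safe($request), PHP_EOL;   // rejected: "Invalid folder name"

// A well-formed request passes validation and is encoded on output.
$ok = ['action' => 'delete_folder', 'del_folder' => 'Projects_2006'];
echo render_status_safe($ok), PHP_EOL;
```

The key point for remediation is the second function: every reflected variable is checked against what the script expects and then passed through `htmlspecialchars` before it reaches the response. Applying the same two steps to each of the scripts and parameters listed in the Examples section (and to the unnamed "other variables" the advisory mentions) closes the class of flaw rather than one instance of it.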