Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection
From: Seth Fogie <seth@xxxxxxxxxxxxxx>
Date: Tue, 23 Oct 2007 10:06:06 -0400
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

http://www.airscanner.com/security/07101401_mobilespy.htm

*Airscanner Mobile Security Advisory #07101401:

Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSSInjection*


*Product:*
Mobile-spy Product and Website

*Platform:*
NA

*Requirements:*
NA

* Credits:*
Seth Fogie
Airscanner Mobile Security
http://www.airscanner.com
October 14, 2007

* Risk Level:*
High - Spoofed log records / Injected JavaScript can lead to malware attacks

*Summary:*

Mobile-spy.com's user administration web application contains a criticalbug that allows anyone to inject spoofed incoming/outgoing phonerecords, SMS messages, and URL's into the backend database for ANY userof the software. In addition, since the incoming records are notfiltered, it is trivial to inject malicious JavaScript/HTML into thewebpage viewed by the user of the software. Finally, the user/pass isstored locally on the victims phone as plaintext.


*Details:*
Details on this program and the vulnerabilities are located at:

http://www.informit.com/articles/article.aspx?p=1077909

http://www.informit.com/articles/article.aspx?p=1077910<http://www.informit.com/articles/article.aspx?p=1077910%20>


* Workaround:*

Uninstall the software from the victim's phone. Delete all existingmessages that are stored on Mobile-spy server using a secure browserwith JavaScript disabled.


Copyright (c) 2007 Airscanner Corp.

Permission is granted for the redistribution of this alertelectronically. It may not be edited in any way without the expresswritten consent of Airscanner Corp. If you wish to reprint the whole orany part of this alert in any other medium other than electronically,please contact Airscanner Corp. for permission.

Disclaimer: The information in the advisory is believed to be accurateat the time of publishing based on currently available information. Useof the information constitutes acceptance for use on an AS IS condition.There are no warranties with regard to this information. Neither theauthor nor the publisher accepts any liability for any direct, indirect,or consequential loss or damage arising from use of, or reliance on,this information.

Prev by Date: [ GLSA 200710-24 ] OpenOffice.org: Heap-based buffer overflow
Next by Date: [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities
Previous by thread: [ GLSA 200710-24 ] OpenOffice.org: Heap-based buffer overflow
Next by thread: [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities
Index(es):
- Date
- Thread