lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: che at secunia.com (Carsten H. Eiram) Subject: Secunia Research: BRS WebWeaver Error Page Cross-Site Scripting ====================================================================== Secunia Research 26/06/2003 - BRS WebWeaver Error Page Cross-Site Scripting Vulnerability - ====================================================================== Receive Secunia Security Advisories for free: http://www.secunia.com/secunia_security_advisories/ ====================================================================== Table of Contents 1....................................................Affected Software 2.............................................................Severity 3.....................................Vendor's Description of Software 4.........................................Description of Vulnerability 5.............................................................Solution 6...........................................................Time Table 7..............................................................Credits 8........................................................About Secunia 9.........................................................Verification ====================================================================== 1) Affected Software BRS WebWeaver 1.0.4 BRS WebWeaver 1.0.3 NOTE: Prior versions have not been tested but may also be vulnerable. ====================================================================== 2) Severity Rating: Less critical Impact: Cross-Site Scripting Where: From Remote ====================================================================== 3) Vendor's Description of Software "BRS WebWeaver is a free personal web server that run on the Windows platform. Even with it's small size ( ~375 KB ) and low memory requirements (~4 MB) it provides lots of functionality at speeds that will impress you." Vendor: http://www.brswebweaver.com ====================================================================== 4) Description of Vulnerability A vulnerability has been identified in BRS WebWeaver, which can be exploited by malicious people to conduct Cross-Site Scripting attacks against visitors. The vulnerability is caused due to a lack of input validation, since the name of a resource requested by a user is included in certain error pages without prior sanitation. A malicious person can exploit this by constructing a link, which includes arbitrary script code. If a user is tricked into clicking the link or visit a malicious website, the script code will be executed in the user's browser session. Successful exploitation may result in disclosure of various information (e.g. cookie-based authentication information) associated with the site running BRS WebWeaver, or inclusion of malicious content, which the user thinks is part of the real website. Example exploiting a "404 Not Found" error page: http://[victim]/<script>alert(document.domain)</script> Example exploiting a "403 Access Denied": http://[victim]/<script>alert(document.domain)</script>AAA..[196]..AAA ====================================================================== 5) Solution Update to version 1.05: http://www.brswebweaver.com/modules.php?op=modload&name=News&file=article&sid=2 ====================================================================== 6) Time Table 26/04/2003 - Vulnerability discovered. 29/04/2003 - Vendor notified (info@...webweaver.com). 07/05/2003 - Vendor notified again. 07/05/2003 - Vendor reply. 03/06/2003 - Vendor releases v1.05 BETA. 24/06/2003 - Vendor releases v1.05. 26/06/2003 - Public disclosure. ====================================================================== 7) Credits Discovered by Carsten Eiram, Secunia Research. ====================================================================== 8) About Secunia Secunia collects, validates, assesses and writes advisories regarding all the latest software vulnerabilities disclosed to the public. These advisories are gathered in a publicly available database at the Secunia website: http://www.secunia.com/ Secunia offers services to our customers enabling them to receive all relevant vulnerability information to their specific system configuration. Secunia offers a FREE mailing list called Secunia Security Advisories: http://www.secunia.com/secunia_security_advisories/ ====================================================================== 9) Verification Please verify this advisory by visiting the Secunia website: http://www.secunia.com/secunia_research/2003-6/ ======================================================================
Powered by blists - more mailing lists