lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030616095113.14657.qmail@www.securityfocus.com>
Date: 16 Jun 2003 09:51:13 -0000
From: JeiAr <jeiar@...ms.com>
To: bugtraq@...urityfocus.com
Subject: Multiple Vulnerabilities In Snitz Forums




Multiple Vulnerabilities In Snitz 3.4.0.3
-------------------------------------------
Versions Affected: 3.4.0.3 (current) / Others?
Vendor Notification: Informed
Vendor Website: http://www.snitz.com



Product Description 
-------------------------------------------
Snitz Forums is a full-featured UBB-style ASP 
discussion board application. New features in version 3.3: 
Complete Topic/Post Moderation, Topic Archiving, Subscribe 
to Board / Category / Forum / Topic, Improved unsubscribe, 
Short(er) urls, Category and Forum ordering, and Improved 
Members-page. And like always, upgrading of the database is 
done for you by the setupscript



search.asp Search Feature XSS Vulnerability
-------------------------------------------
Snitz search feature is vulnerable to XSS which
can aide an attacker in stealing cookies, and thus
compromising the account, as described below

http://path/search.asp?Search=">&lt;script&gt;alert()&lt;/script&gt;



Account Compromise Via Cookie Poisoning
-------------------------------------------
In order to steal another users identity, all an attacker 
needs to know is thier encrypted password. This is not
very hard to obtain using the XSS as described above, or
other methods. Once an attacker has this info, all they
have to do is login to thier normal account to get a valid
session id, close the browser, replace thier username and 
encrypted pass with that of the victim, and return to the 
site where they will be recognized as the victim.



password.asp Password Reset Vulnerability
-------------------------------------------
This is the most serious of the vulns, as it requries no
real effort and leaves the entire snitz forum open to attack.
All an attacker has to do is request a forgotten password, save
the password reset page offline,edit the member id to the desired
member id, and submit the form. The members password will then
be reset to that of the attackers choosing.



Credits
-------------------------------------------
Credits go to JeiAr of Gulftech Computers & 
CSA Security Rsearch http://www.gulftech.org


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ