Date: 9 Sep 2003 15:38:20 -0000
From: Bahaa Naamneh <b_naamneh@...mail.com>
To: bugtraq@...urityfocus.com
Subject: Escapade Scripting Engine XSS Vulnerability and Path Disclosure




Escapade Scripting Engine XSS Vulnerability and Path Disclosure


Published: 9 September 2003

Released: 9 September 2003

Affected Systems: Escapade Scripting Engine

Vendor: http://www.escapade.org , http://www.squishedmosquito.com

Issue: Remote attackers can inject script (XSS) and learn the 
installation path of the site. 


Description:
============
Escapade, or ESP for short, is a server-side scripting language that 
provides an interface to back-end database contents. Specifically 
designed to create dynamic information from this data, Escapade can be 
used to generate any kind of document - HTML, XML, text, and more. 
While server-side scripting is not a new concept, ESP is a breakthrough 
product that will enable programmers to much more easily have access to 
data in databases in their web pages without having to resort to ASP or 
complicated back-end Perl or PHP scripts. 


Details:
========
It's possible to inject XSS script in the method variable. 

Example: 

http://www.site.com/cgi-bin/esp?PAGE=<script>alert(document.domain)</script>

It's possible to make a malformed HTTP request for many variables in 
Escapade and in doing so trigger an error. The resulting error message 
will disclose potentially sensitive installation path information to the 
remote attacker. 

Example:

http://www.site.com/cgi-bin/esp?PAGE=!@#$%


Solution:
=========
The vendor has been contacted, and a patch has not yet been produced.


Suggestions:
============
Filter the method variable (the XSS problem), and filter all other 
variables as well. 


Discovered by / credit:
=======================
Bahaa Naamneh
b_naamneh@...mail.com
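
One way to apply the "filter all variables" suggestion in a wrapper placed in front of the esp CGI, shown as an added example that is not part of the original advisory and is not Escapade's own code. The allowlist pattern, the length limit and the function names are assumptions; the sample query strings are constructed from the two URLs above.

```python
import html
import re
from urllib.parse import parse_qsl

# Assumption: legitimate values are short names such as "index.html".
# The advisory does not say what valid values look like; tune per site.
ALLOWED_VALUE = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*")
MAX_LEN = 128


def validate_query(query_string):
    """Check every parameter, not only PAGE. Returns (ok, offending_name)."""
    # keep_blank_values so an empty "PAGE=" is checked instead of dropped;
    # parse_qsl percent-decodes, so %3Cscript%3E is judged as <script>.
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        if len(value) > MAX_LEN or not ALLOWED_VALUE.fullmatch(value):
            return False, name
    return True, None


def rejection_page(name, value):
    """Generic 400 body returned instead of passing the request to esp.

    The rejected value is HTML-escaped before being echoed, and nothing
    from the server side (file path, engine error text) is included.
    """
    shown = html.escape(value[:MAX_LEN], quote=True)
    return (
        "<html><body><h1>400 Bad Request</h1>"
        f"<p>Invalid value for parameter {html.escape(name)}: "
        f"<code>{shown}</code></p></body></html>"
    )


# Constructed sample query strings (as seen in QUERY_STRING).
SAMPLES = [
    "PAGE=index.html",
    "PAGE=<script>alert(document.domain)</script>",
    "PAGE=!@#$%",
]

if __name__ == "__main__":
    for qs in SAMPLES:
        ok, bad = validate_query(qs)
        print(("pass  " if ok else f"block ({bad}) ") + qs)
```

Because rejected requests never reach the engine, the malformed-value error that reveals the installation path is not triggered for them.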

