| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Dec 2003 13:53:56 +0100 (MET)
From: "Oliver Karow" <Oliver.Karow@....de>
To: bugtraq@...urityfocus.com
Subject: IBM Directory Server 4.1 Web Admin Gui (ldacgi.exe) XSS Vulnerability
IBM Directory Server 4.1 Web Admin Gui (ldacgi.exe) XSS Vulnerability
=====================================================================
During the audit of 3rd party product, based on IBM Directory Server,
i found a cross site scripting vulnerability on IBM's Directory Server 4.1
Web Admin Gui. The vuln exists due to the fact that ldacgi.exe does not
validate
the input regarding script code.
Version:
========
IBM Directory Server 4.1 ( IBM HTTP Server 1.3.19.2 Apache/1.3.20) running
on Windows platform.
Exploiting:
===========
https://server/ldap/cgi-bin/ldacgi.exe?Action=<script>alert("foo")</script>
Vendor:
=======
Website: http://www.ibm.com
Product: http://www-306.ibm.com/software/tivoli/products/directory-server/
Status: informed - but no reply within 7 days
Misc:
=====
The XSS exists in ldacgi.exe which will appear on the login-screen.
Its a vuln with a small impact, but user-input should always be validated :)
By the way.....requesting ldacgi3.exe (no auth. required) gives lot of
information about the accepted parameters of ldcgi.exe, which can be used to
start further attacks against ldacgi.exe.
Credit:
=======
Oliver.Karow[@]gmx.de
www.oliverkarow.de
--
+++ GMX - die erste Adresse für Mail, Message, More +++
Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net
Powered by blists - more mailing lists