lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5709.1070369636@www48.gmx.net>
Date: Tue, 2 Dec 2003 13:53:56 +0100 (MET)
From: "Oliver Karow" <Oliver.Karow@....de>
To: bugtraq@...urityfocus.com
Subject: IBM Directory Server 4.1 Web Admin Gui (ldacgi.exe) XSS Vulnerability


IBM Directory Server 4.1 Web Admin Gui (ldacgi.exe) XSS Vulnerability
=====================================================================

During the audit of 3rd party product, based on IBM Directory Server,
i found a cross site scripting vulnerability on IBM's Directory Server 4.1
Web Admin Gui. The vuln exists due to the fact that ldacgi.exe does not
validate
the input regarding script code.


Version:
========

IBM Directory Server 4.1 ( IBM HTTP Server 1.3.19.2 Apache/1.3.20) running
on Windows platform.


Exploiting:
===========

https://server/ldap/cgi-bin/ldacgi.exe?Action=<script>alert("foo")</script>


Vendor:
=======

Website: http://www.ibm.com

Product: http://www-306.ibm.com/software/tivoli/products/directory-server/

Status: informed - but no reply within 7 days


Misc:
=====

The XSS exists in ldacgi.exe which will appear on the login-screen.
Its a vuln with a small impact, but user-input should always be validated :)

By the way.....requesting ldacgi3.exe (no auth. required) gives lot of
information about the accepted parameters of ldcgi.exe, which can be used to
start further attacks against ldacgi.exe.


Credit:
=======

Oliver.Karow[@]gmx.de
www.oliverkarow.de

-- 
+++ GMX - die erste Adresse für Mail, Message, More +++
Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ