Open Source and information security mailing list archives
 
Message-ID: <497075956.20040202010218@mail.ru>
Date: Mon, 2 Feb 2004 01:02:18 -0800
From: nimber <nimber@...l.ru>
To: bugtraq@...urityfocus.com
Subject: Security Advisory: CSS Vulnerability in Web Froums Server 1.6



Security Advisory: CSS Vulnerability in Web Forums Server 1.6
Date: 27.01.2004
###################################################
Application:  Web Forums Server 1.6 
Vendor:           www.minihttpserver.net
Versions:        1.6 and  <
Shareware :)
Platforms:       Windows
Bug:                JS/HTML code injection.
Risk:                Low
###################################################
Mini-description [for Forums Web Server v1.6]:
"WebForums Server allows you to setup a bulletin board and 
photo/file exchange web service. It offers a built in HTTP engine, 
internal database engine, integrated HTML/Script pages, user 
management interface, message board engine and a secure file 
Upload/Download option. It is without a doubt the easiest and 
complete all in one Forum Server software you have seen."
[The information from a site www.minihttpserver.net]
####################################################
Vulnerability: 
Some time back I wrote about CSS vulnerabilities found in Web Forums Server.
(Additional information is here: http://www.rus-sec.org/advisories/ADV10.txt)
But in the new version they were not corrected. 
In the new version I have found new vulnerabilities, 
which can allow an attacker to obtain the login/password and session ID of any user.
####################################################
Use:
1) When adding a new message (for example http://121.0.0.1/post1.htm), 
the entered data in the "Subject:" field is not filtered. 
Any JS/HTML code can be inserted.
2) When uploading a new file to the server (for example http://121.0.0.1/postfile2.htm), 
the entered data in the "File Description:" field is not filtered. 
As a result, an attacker can insert any JS/HTML code, which will then be 
executed when the page http://121.0.0.1/sharephoto1.asp (or /sharephoto2.asp, etc.) is opened.
####################################################
Path:
nah nah :-)
####################################################
For contacts:
nimber
icq: 132614
e-mail: nimber@...l.ru
            nimber@...igner.ru
home page: www.rus-sec.org

p.s> Sorry for my bad english ;)
(0_o(0_o)0_o)
  

-- 
Best regards,
 nimber                          mailto:nimber@...l.ru
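
Added example, not part of the original advisory and not the vendor's code: the two fields the advisory names, rendered once verbatim and once with output encoding, then parsed to see which markup would execute. The row template, function names and sample records are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample records shaped like the two fields the advisory names.
POSTS = [
    {"subject": "Holiday photos", "file_description": "Beach, day 1"},
    {"subject": "<script>alert(1)</script>",
     "file_description": '" onmouseover="alert(1)'},
]

ROW = '<tr><td>%s</td><td><img src="/photo" alt="%s"></td></tr>'  # hypothetical template


def render_row_unsafe(post):
    """Behaviour the advisory describes: stored text is emitted verbatim."""
    return ROW % (post["subject"], post["file_description"])


def render_row_safe(post):
    """Encode at output time; quote=True also covers attribute values."""
    return ROW % (html.escape(post["subject"], quote=True),
                  html.escape(post["file_description"], quote=True))


class _Audit(HTMLParser):
    """Records script elements and on* event-handler attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("tag:script")
        self.findings += ["attr:" + name for name, _ in attrs if name.startswith("on")]


def active_markup(fragment):
    """Parse a rendered fragment and list any markup that would execute."""
    parser = _Audit()
    parser.feed(fragment)
    parser.close()
    return sorted(parser.findings)


if __name__ == "__main__":
    for post in POSTS:
        print(active_markup(render_row_unsafe(post)), active_markup(render_row_safe(post)))
```

The same audit function can be run in a regression test over every page that displays user-supplied text, so a field that loses its encoding is caught before release.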


