[<prev] [next>] [day] [month] [year] [list]
Message-ID: <497075956.20040202010218@mail.ru>
Date: Mon, 2 Feb 2004 01:02:18 -0800
From: nimber <nimber@...l.ru>
To: bugtraq@...urityfocus.com
Subject: Security Advisory: CSS Vulnerability in Web Froums Server 1.6
Security Advisory: CSS Vulnerability in Web Froums Server 1.6
Data: 27.01.2004
###################################################
Application: Web Froums Server 1.6
Vendor: www.minihttpserver.net
Versions: 1.6 and <
Shareware :)
Platforms: Windows
Bug: JS/HTML code injection.
Risk: Low
###################################################
Mini-description [for Forums Web Server v1.6]:
"WebForums Server allows you to setup a bulletin board and
photo/file exchange web service. It offers a built in HTTP engine,
internal database engine, integrated HTML/Script pages, user
management interface, message board engine and a secure file
Upload/Download option. It is without a doubt the easiest and
complet all in one Forum Server software you have seen."
[The information from a site www.minihttpserver.net]
####################################################
Vulnerability:
Some time back I wrote about found CSS vulnerability in Web Forums Server.
(The additional information here http://www.rus-sec.org/advisories/ADV10.txt)
But in the new version they were not corrected.
In the new version I have found new of vulnerability.
Which can allow to receive login/password and session ID of any user.
####################################################
Use:
1) At addition of the new message (for example http://121.0.0.1/post1.htm)
in a field " Subject: " there is no filtration of the entering data.
There is an opportunity of an insert any JS/HTML code.
2) At loading a new file on server (for example http://121.0.0.1/postfile2.htm)
there is no filtration of the entering data in a field " File Description:"
In result attacking can insert any JS/HTML code, which then will be
executed at opening page http://121.0.0.1/sharephoto1.asp (or /sharephoto2.asp and etc....)
####################################################
Path:
nah nah :-)
####################################################
For contacts:
nimber
icq: 132614
e-mail: nimber@...l.ru
nimber@...igner.ru
home page: www.rus-sec.org
p.s> Sorry for my bad english ;)
(0_o(0_o)0_o)
--
Best regards,
nimber mailto:nimber@...l.ru
Powered by blists - more mailing lists