lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <200804221225.07575.hanno@hboeck.de>
Date: Tue, 22 Apr 2008 12:25:07 +0200
From: Hanno Böck <hanno@...eck.de>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.grok.org.uk,
	"Steven M. Christey" <coley@...us.mitre.org>
Subject: Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387)

Two smaller issues in s9y, published here:
http://int21.de/cve/CVE-2008-1386-s9y.html
http://int21.de/cve/CVE-2008-1387-s9y.html


Cross Site Scripting (XSS) in serendipity 1.3 referrer plugin, CVE-2008-1385
References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1385
http://www.s9y.org/
Description

In the referrer plugin of the blog application serendipity, the referrer 
string is not escaped, thus leading to a permanent XSS.
Example

One can inject malicious javascript code with:

wget --referer='http://<hr onMouseOver="alert(7)">' http://someblog.com/

Workaround/Fix

If you are using the referrer plugin, upgrade to 1.3.1.
Disclosure Timeline

2008-03-18 Vendor contacted
2008-03-18 Vendor answered
2008-03-18 Vendor fixed issue in trunk/branch revision
2008-04-22 Vendor released 1.3.1
2008-04-22 Advisory published
CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2008-1385 to this issue. This is a candidate for inclusion in the CVE 
list (http://cve.mitre.org/), which standardizes names for security problems.
Credits and copyright

This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. 
It's licensed under the creative commons attribution license.

Hanno Boeck, 2008-04-xx, http://www.hboeck.de




Cross Site Scripting (XSS) in serendipity 1.3 installer, CVE-2008-1386
References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1386
http://www.s9y.org/
Description

The installer of serendipity 1.3 has various Cross Site Scripting issues. This 
is considered low priority, as attack scenarios are very unlikely.

Various path fields are not escaped properly, thus filling them with 
javascript code will lead to XSS. MySQL error messages are not escaped, thus 
the database host field can also be filled with javascript.
Workaround/Fix

If you are doing a fresh installation of serendipity, use version 1.3.1.

In general, don't leave uninstalled webapplications laying around on a public 
webspace.
Disclosure Timeline

2008-03-21 Vendor contacted with patches
2008-03-21 Vendor fixed issue in trunk/branch revision
2008-04-22 Vendor released 1.3.1
2008-04-22 Advisory published
CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the name 
CVE-2008-1386 to this issue. This is a candidate for inclusion in the CVE 
list (http://cve.mitre.org/), which standardizes names for security problems.
Credits and copyright

This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. 
It's licensed under the creative commons attribution license.

Hanno Boeck, 2008-04-xx, http://www.hboeck.de

-- 
Hanno Böck		Blog:		http://www.hboeck.de/
GPG: 3DBD3B20		Jabber/Mail:	hanno@...eck.de

Download attachment "signature.asc " of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ