lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAKR_-zxSVRKS7aBCqToY6wR0=a1oToZUJ1UJCNKA=DaWQtjktA@mail.gmail.com>
Date: Thu, 20 Feb 2014 21:20:27 +0100
From: Eric Flokstra <erp.flokstra@...il.com>
To: bugtraq@...urityfocus.com
Subject: [CVE-2014-2035] XSS in InterWorx Web Control Panel <= 5.0.12

==============================================
Product: InterWorx Web Control Panel
Vendor: InterWorx LLC
Tested Version: 5.0.12 build 569
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-2035
Risk Level: Medium
CVSSv2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Solution Status: Fixed in Version 5.0.13 build 574
Discovered and Provided: Eric Flokstra (www.itsec.nl)
==============================================

About the Vendor
-------------------------
The InterWorx Hosting Control Panel is a web hosting and linux server
management system that provides tools for server administrators to
command their servers and for end users to oversee the operations of
their website.

Advisory Details:
-------------------------
Reflected cross-site scripting (XSS) vulnerability in the InterWorx
Web Control Panel.

The application uses XMLHttpRequests to post messages to the web
server. However, insufficient output encoding is performed enabling
remote execution of arbitrary scripting code in the target's web
browser. By changing the request method from POST to GET the following
URL could be used as proof of concept:

http://demo.interworx.com:2080/xhr.php?i={%22r%22%3a%22Form_InputValidator%22%2c%22i%22%3a{%22form%22%3a%22Form_NW_Shell_ForbiddenUsers%22%2c%22ctrl%22%3a%22\%2fnodeworx\%2fshell%3Cimg%20src%3dx%20onerror%3dalert%28%27XSS%27%29%3E%22%2c%22input%22%3a%22forbidden_unix_users%22%2c%22value%22%3a%22moi%22%2c%22where_was_i%22%3a%22%2fnodeworx%2fshell%22}}

Vendor contact timeline:
------------------------------------
18 Feb 2014: Vendor notification
18 Feb 2014: Vulnerability confirmation
19 Feb 2014: Issue patched
20 Feb 2014: Public disclosure

Solution:
------------
Upgrade to the latest version (5.0.13 build 574) of InterWorx Web Control Panel.

References:
-----------------
[1] InterWorx Changelog - http://www.interworx.com/developers/changelog/
[2] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org
[3] Common Weakness Enumeration (CWE) - http://cwe.mitre.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ