Date: Mon May 9 13:57:21 2005
From: se_cur_ity at hotmail.com (Morning Wood)
Subject: SiteStudio

------------------------------------------------------------
- EXPL-A-2005-008 exploitlabs.com Advisory 037 -
------------------------------------------------------------
- Site Studio -

AFFECTED PRODUCTS
=================
Site Studio
Positive Software Corporation
https://www.psoft.net

OVERVIEW
========
SiteStudio is an industry-leading browser-based web site design and
construction tool. It may also be fully and seamlessly integrated
with H-Sphere. By using SiteStudio you add value to your Internet
service by providing your customers with the easiest way to build
a website. With SiteStudio, your users need not know anything about
FTP, HTML, Telnet, HTTP, or imaging software. If they can surf the
Internet, they can build their own professional-looking website.

note: Site Studio runs via Coyote/Jakarta on port 8080 by default

DETAILS
=======
1. persistent XSS in the guestbook

Site Studio guestbook does not filter HTML code from user-supplied
input. A remote user can create a specially crafted entry that, when
the page is rendered, will cause arbitrary scripting to be executed by
the user's browser. The code will originate from the site running the
Site Studio software and will run in the security context of that site.

Item 1
---------
Entering XSS-type scripting in the name input field causes the
script to be rendered when the affected page is visited.

a. Standalone Site Studio installations may be accessible on the
   target site via: psoft.guestbook.GuestBookServ

   http://[HOST]:8080/studio/servlet/psoft.guestbook.GuestBookServ

b. Integrated Site Studio with H-Sphere may be accessible on the
   target site via: E-Guest_sign.pl

   http://[host]/cp/Scripts/perl/guestbook/E-Guest_sign.pl

SOLUTION:
=========
Psoft has been contacted and patches released:

item a:
http://www.psoft.net/SS/ss_16_security_update_guestbook.html

item b:
http://www.psoft.net/misc/hsphere_winbox_security_update_guestbook.html

Credits
=======
This vulnerability was discovered and researched by
Donnie Werner of exploitlabs

Donnie Werner

mail: wood at exploitlabs.com
mail: morning_wood at zone-h.org
--
web: http://exploitlabs.com
web: http://zone-h.org

http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt
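
Added example, not part of the advisory and not Psoft's patch: the unfiltered guestbook rendering described under DETAILS beside an output-encoded form, plus an audit pass over entries that were stored before a fix was applied. The entry layout, the "message" field, the function names and the sample entries are all assumptions constructed for illustration.

```python
import html
import re

# Constructed sample guestbook entries (not taken from the advisory).
ENTRIES = [
    {"name": "Alice", "message": "Nice site!"},
    {"name": "<script>/* constructed marker */</script>", "message": "hi"},
    {"name": "Bob & Co", "message": 'see <a href="x">this</a>'},
]


def render_unfiltered(entry):
    """Behaviour the advisory describes: fields are placed in the page as-is."""
    return "<li><b>%s</b>: %s</li>" % (entry["name"], entry["message"])


def render_encoded(entry):
    """Hardened form: HTML-encode every user-supplied field at output time."""
    name = html.escape(entry["name"], quote=True)
    message = html.escape(entry["message"], quote=True)
    return "<li><b>%s</b>: %s</li>" % (name, message)


# Entries written before the fix remain in the store, so flag any stored
# field that contains a tag-like sequence for manual review.
TAG_LIKE = re.compile(r"<\s*/?\s*[a-zA-Z!]")


def audit_entries(entries):
    """Return (index, field) pairs whose stored value contains tag-like markup."""
    hits = []
    for i, entry in enumerate(entries):
        for field, value in entry.items():
            if TAG_LIKE.search(value):
                hits.append((i, field))
    return hits


if __name__ == "__main__":
    for e in ENTRIES:
        print("unfiltered:", render_unfiltered(e))
        print("encoded:   ", render_encoded(e))
    print("needs review:", audit_entries(ENTRIES))
```

Encoding at output time leaves the stored data unchanged, which is why the audit pass is still needed to find entries persisted before the update.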