lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <200707120044.32136.mail@hboeck.de>
Date: Thu, 12 Jul 2007 00:44:29 +0200
From: "Hanno Böck" <mail@...eck.de>
To: vulnwatch@...nwatch.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: CVE-2007-3693: Cross site scripting and
	information disclosure in gobi/helma

http://int21.de/cve/CVE-2007-3693-gobi.txt

Cross site scripting and information disclosure in gobi/helma

security advisory

References:
 http://gobi.helma.org/
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3693

Description:
 Cross site scripting describes attacks that allow to insert malicious
 html or javascript code via get or post forms. This can be used to steal
 session cookies.
 helma is a javascript-based application server, gobi is a cms
 based on helma. It's used on some popular pages, e. g. the ORF.
 The search-function can be used to inject javascript code.
 It will cause an information disclosure about the system path of helma
 if filled with invalid chars.

Workaround/Fix:
 There's no vendor fix. All input strings in web applications should be
 escaped properly and error messages containing paths should be suppressed
 on live installations.
 Vendor has been contacted 2007-04-12 and hasn't answered yet.

Sample injection URLs:
 http://gobi.helma.org/search/?q=<script>alert(1)</script>
 http://dev.helma.org/search/?q=<script>alert(1)</script>
 http://tv.orf.at/search?keyword="><script>alert(1)</script>

Sample information disclosure URLs:
 http://gobi.helma.org/search/?q="
 http://dev.helma.org/search/?q="

CVE Information:
 The Common Vulnerabilities and Exposures (CVE) project has assigned the
 name CVE-2007-3693 to this issue. This is a candidate for inclusion in
 the CVE list (http://cve.mitre.org/), which standardizes names for
 security problems.

Credits and copyright:
 This vulnerability was discovered by Hanno Boeck of schokokeks.org
 webhosting, http://www.schokokeks.org
 It's licensed under the creative commons attribution license:
 http://creativecommons.org/licenses/by/3.0/

 Hanno Boeck, 2007-07-12, http://www.hboeck.de

Download attachment "signature.asc " of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ