lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <web-79187199@bk1.webmaillogin.com>
Date: Thu, 02 Aug 2007 06:04:19 -0400
From: <edi.strosar@...nostne-novice.com>
To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk>
Subject: DVD Rental System multiple XSS and CSRF
	vulnerabilities


=========================================================================
TeamIntell Security Advisory TISA2007-04-Public
-------------------------------------------------------------------------
DVD Rental System multiple XSS and CSRF vulnerabilities
=========================================================================


Release Date:    02.08.2007
Severity:        Less critical
Impact:          Cross Site Scripting (XSS)
		 Cross Site Request Forgery (CSRF)
Status:          Official patch available
Software:        DVD Rental System 5.1 (DRS)
Vendor:          http://www.dvdrentalsystem.com/
Disclosed:       Edi Strosar (TeamIntell)

	
Description:
============

DRS, an online DVD rental application, is vulnerable to 
multiple XSS and CSRF attacks. Proof of concept will not 
be publicly released.


Details:
========

TeamIntell discovered multiple vulnerabilities in online 
DVD Rental System, which can be exploited by malicious 
users to conduct cross-site scripting[1] and cross-site 
request forgery[2] attacks:

[1] DRS does not properly sanitize users supplied data 
before sending it to clients. This can be exploited to 
execute arbitrary HTML and script code in a user's browser 
session in context of an affected site.

[2] The script index.php allows users to perform certain 
actions via HTTP requests without performing validity 
checks to verify the request. This can be exploited to 
modify users's data or cancel subscription permanently.

Note: in some cases CSRF attacks could be site specific. 
TeamIntell developed working PoC that affects users of one 
among  DVD Rental System's business partners.

The vulnerabilities are confirmed in DVD Rental System 
version 5.1. Other versions may be affected.


Solution:
=========

Vendor has reported that the DVD Rental System scripts are 
updated and patched. Customers should contact the vendor 
for details.


References:
===========

http://en.wikipedia.org/wiki/XSS
http://en.wikipedia.org/wiki/Cross-site_request_forgery


Timeline:
=========

20.07.2007 - vulnerabilities discovered
21.07.2007 - vendor informed
01.08.2007 - vendor reports that the scripts are updated 
and patched
02.08.2007 - public disclosure


Contact:
========

Maldin d.o.o.
Trzaska cesta 2
1000 Ljubljana - SI

tel: +386 (0)590 70 170
fax: +386 (0)590 70 177
gsm: +386 (0)31 816 400
web: www.teamintell.com
e-mail: info@...mintell.com


Disclaimer:
===========

The content of this report is purely informational and 
meant for educational purposes only. Maldin d.o.o. shall 
in no event be liable for any damage whatsoever, direct or 
implied, arising from use or spread of this information. 
Any use of information in this advisory is entirely at 
user's own risk.

=========================================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ