Escapade Scripting Engine XSS Vulnerability and Path Disclosure
Published: 9 September 2003
Released: 9 September 2003
Affected Systems: Escapade Scripting Engine
Vendor: http://www.escapade.org, http://www.squishedmosquito.com
Issue: Remote attackers can inject XSS script and learn the
installation path of the site.
Description:
============
Escapade, or ESP for short, is a server-side scripting language that
provides an interface to back-end database contents. Specifically
designed to create dynamic information from this data, Escapade can be
used to generate any kind of document - HTML, XML, text, and more.
While server-side scripting is not a new concept, ESP is a breakthrough
product that will enable programmers to much more easily have access to
data in databases in their web pages without having to resort to ASP or
complicated back-end Perl or PHP scripts.
Details:
========
It's possible to inject XSS script in the method variable.
Example:
http://www.site.com/cgi-bin/esp?PAGE=<script>alert(document.domain)</script>
It's possible to make a malformed HTTP request for many variables in
Escapade and in doing so trigger an error. The resulting error message
will disclose potentially sensitive installation path information to the
remote attacker.
Example:
http://www.site.com/cgi-bin/esp?PAGE=!@#$%
Solution:
=========
The vendor has been contacted; no patch has been produced yet.
Suggestions:
============
Filter the method variable (XSS problem); filter all variables.
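One way to apply this filtering in front of the esp CGI while no patch
exists, as an added example (not vendor code and not part of the original
advisory). The allowlist patterns and the names check_query and gate are
assumptions; adjust the patterns to the values your pages really use.

```python
import html
import re
from urllib.parse import parse_qsl

# Assumption: legitimate parameter names and values are short tokens made of
# letters, digits, "_", "-" and "."; everything else is rejected.
SAFE_NAME = re.compile(r"[A-Za-z0-9_]{1,64}")
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.\-]{1,128}")

# Fixed error page: no filesystem path, no echo of the rejected value.
GENERIC_ERROR = (
    "<html><body><h1>400 Bad Request</h1>"
    "<p>Invalid value for parameter {name}.</p></body></html>"
)


def check_query(query_string):
    """Validate every variable, not only PAGE.

    Returns (ok, params, offending_name).
    """
    params = {}
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        # parse_qsl has already percent-decoded name and value, so encoded
        # markup such as %3Cscript%3E is checked in its decoded form.
        if not SAFE_NAME.fullmatch(name) or not SAFE_VALUE.fullmatch(value):
            return False, {}, name
        params[name] = value
    return True, params, None


def gate(query_string):
    """Return (200, params) to forward the request, or (400, error_page)."""
    ok, params, bad_name = check_query(query_string)
    if ok:
        return 200, params
    # Only the parameter name is reflected, and it is HTML-encoded first.
    return 400, GENERIC_ERROR.format(name=html.escape(bad_name, quote=True))


if __name__ == "__main__":
    # Constructed sample inputs: one plain request and the advisory's two.
    for qs in ("PAGE=index.html",
               "PAGE=<script>alert(document.domain)</script>",
               "PAGE=!@#$%"):
        print(qs, "->", gate(qs)[0])
```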
Discovered by / credit:
=======================
Bahaa Naamneh
b_naamneh@xxxxxxxxxxx