JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5
+-----------------------------+
Advisories: JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5
Author: nimber [nimber@xxxxxxx]
Date: 10/06/2003
+-----------------------------+
Vendor: http://www.minihttpserver.net
Version: 1.5 (and older versions?)
Shareware :)
Mini-description [for File-Sharing for NET v1.5]:
"File Sharing for net is a complete, secure web server that shares your business documents and files over the web: remote users only need browsers to view your files. Share, transfer files securely with colleagues."
Mini-description [for Forums Web Server v1.5]:
"WebForums Server allows you to setup a bulletin board and photo/file exchange web service. It offers a built in HTTP engine, internal database engine, integrated HTML/Script pages, user management interface, message board engine and a secure file Upload/Download option. It is without a doubt the easiest and complete all in one Forum Server software you have seen." [Information from the site www.minihttpserver.net]
+-----------------------------+
Problem:
These two products, from the same vendor, use a similar built-in forum (BBS).
I think that Forums Web Server v1.5 is the easy version of the program File-Sharing for NET.
I have found a vulnerability in the built-in forum of both programs.
In File-Sharing for NET v1.5, when a new message is added, the data entered in the "Subject:" and "Your message:" fields is not filtered. This allows arbitrary JS/HTML code to be inserted.
For example:
<script> alert (document.cookie); </script>
In Forums Web Server v1.5, only the "Subject:" field is unfiltered; in the "Your message:" field the symbol < is replaced with "&lt;".
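The field handling described above, as an added example that is not part of the original advisory or the vendor's code: it models each product's per-field filtering as the advisory describes it, adds a hardened profile that HTML-encodes both fields on output, and reports which fields let the advisory's sample string become a live script element. The profile names and the page template are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed test input: the sample string quoted in the advisory.
PROBE = "<script> alert (document.cookie); </script>"

def raw(text):
    return text                       # no filtering at all

def lt_only(text):
    return text.replace("<", "&lt;")  # partial filter: only "<" is replaced

# Per-field handling as the advisory describes it, plus a hardened profile.
# Profile names and the template below are hypothetical.
FILTERS = {
    "file_sharing_1.5": {"subject": raw, "message": raw},
    "forums_1.5": {"subject": raw, "message": lt_only},
    "hardened": {"subject": html.escape, "message": html.escape},
}

def render_post(profile, subject, message):
    f = FILTERS[profile]
    return ('<div class="post"><h3>%s</h3><p>%s</p></div>'
            % (f["subject"](subject), f["message"](message)))

class _ScriptCounter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1

def script_tags(page):
    """Count <script> elements a parser actually sees in the rendered page."""
    parser = _ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.scripts

def audit(profile):
    """Return the fields through which PROBE reaches the page as markup."""
    leaky = []
    for field in ("subject", "message"):
        values = {"subject": "hello", "message": "hello"}
        values[field] = PROBE
        if script_tags(render_post(profile, **values)):
            leaky.append(field)
    return leaky
```

Run as a regression check, `audit` should return an empty list for any profile that is safe to deploy; filtering one field and not the other still leaves the forum page injectable.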
+-----------------------------+
For contacts:
nimber
icq: 132614
e-mail: nimber@xxxxxxx
Home Page: nimber.plux.ru
Greets: ZeT,euronymous,JLx and all my friends.
Hi to teams: zud team, void.ru, RusH Team, m00 security,
eXploit.ru,LWTeam, F0K Project,Free-Crew.
P.S. Sorry for my bad English ;)
(0_o(0_o)0_o)