IBM Directory Server 4.1 Web Admin Gui (ldacgi.exe) XSS Vulnerability
IBM Directory Server 4.1 Web Admin Gui (ldacgi.exe) XSS Vulnerability
=====================================================================
During the audit of 3rd party product, based on IBM Directory Server,
i found a cross site scripting vulnerability on IBM's Directory Server 4.1
Web Admin Gui. The vuln exists due to the fact that ldacgi.exe does not
validate
the input regarding script code.
Version:
========
IBM Directory Server 4.1 ( IBM HTTP Server 1.3.19.2 Apache/1.3.20) running
on Windows platform.
Exploiting:
===========
https://server/ldap/cgi-bin/ldacgi.exe?Action=<script>alert("foo")</script>
Vendor:
=======
Website: http://www.ibm.com
Product: http://www-306.ibm.com/software/tivoli/products/directory-server/
Status: informed - but no reply within 7 days
Misc:
=====
The XSS exists in ldacgi.exe which will appear on the login-screen.
Its a vuln with a small impact, but user-input should always be validated :)
By the way.....requesting ldacgi3.exe (no auth. required) gives lot of
information about the accepted parameters of ldcgi.exe, which can be used to
start further attacks against ldacgi.exe.
Credit:
=======
Oliver.Karow[@]gmx.de
www.oliverkarow.de
--
+++ GMX - die erste Adresse für Mail, Message, More +++
Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net