Remotely Anywhere Message Injection Vulnerability
=================================================
In addition to http://www.securityfocus.com/bid/9120, I found that it is
possible to inject a message into the login page of Remotely Anywhere.
It's not an XSS attack, because no script code is directly executed,
even though a message box pops up containing the injected message
(see http://www.oliverkarow.de/research/ra.jpg for a
screenshot).
Exploiting:
===========
https://host:2000/default.html?logout=asdf&reason=Please%20set%20your%20password%20to%20ABC123%20after%20login
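A defender's check for the request shown above, added here as an example and not part of the original advisory: it scans access-log lines for `default.html` requests whose `reason` parameter carries free-form text, including double-encoded values. The log format, the 24-character threshold and the `known_reasons` allow-list are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %2520) to get the text as displayed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def injected_reason(url, known_reasons=frozenset()):
    """Return the decoded `reason` text if it looks free-form, else None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/default.html"):
        return None
    for raw in parse_qs(parts.query).get("reason", []):
        text = decode_fully(raw).strip()
        if text in known_reasons:  # hypothetical allow-list of product-generated values
            continue
        # A sentence (whitespace) or a long value is not a short status token.
        if re.search(r"\s", text) or len(text) > 24:
            return text
    return None

def scan(log_lines, known_reasons=frozenset()):
    """Return [(line_number, decoded_message)] for suspicious login-page requests."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        text = injected_reason(m.group(1), known_reasons) if m else None
        if text is not None:
            hits.append((n, text))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /default.html HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2004:10:01:00 +0000] "GET /default.html?logout=asdf&reason=Please%20set%20your%20password%20to%20ABC123%20after%20login HTTP/1.1" 200 5300',
    '192.0.2.12 - - [01/Jan/2004:10:02:00 +0000] "GET /default.html?logout=1&reason=timeout HTTP/1.1" 200 5150',
    '192.0.2.13 - - [01/Jan/2004:10:03:00 +0000] "GET /default.html?logout=x&reason=Call%2520the+helpdesk HTTP/1.1" 200 5200',
]

if __name__ == "__main__":
    for n, text in scan(SAMPLE_LOG):
        print(f"line {n}: injected login message: {text!r}")
```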
Vulnerable:
===========
This vulnerability was tested on "Remotely Anywhere Enterprise Edition".
Discovered by:
==============
oliver.karow_gmx.de
www.oliverkarow.de