<<< Date Index >>>     <<< Thread Index >>>

Security Advisory: CSS Vulnerability in Web Froums Server 1.6



Security Advisory: CSS Vulnerability in Web Froums Server 1.6
Data: 27.01.2004
###################################################
Application:  Web Froums Server 1.6 
Vendor:           www.minihttpserver.net
Versions:        1.6 and  <
Shareware :)
Platforms:       Windows
Bug:                JS/HTML code injection.
Risk:                Low
###################################################
Mini-description [for Forums Web Server v1.6]:
"WebForums Server allows you to setup a bulletin board and 
photo/file exchange web service. It offers a built in HTTP engine, 
internal database engine, integrated HTML/Script pages, user 
management interface, message board engine and a secure file 
Upload/Download option. It is without a doubt the easiest and 
complet all in one Forum Server software you have seen."
[The information from a site www.minihttpserver.net]
####################################################
Vulnerability: 
Some time back I wrote about found CSS vulnerability in Web Forums Server.
(The additional information here http://www.rus-sec.org/advisories/ADV10.txt)
But in the new version they were not corrected. 
In the new version I have found new of vulnerability. 
Which can allow to receive login/password and session ID of any user.
####################################################
Use:
1) At addition of the new message (for example http://121.0.0.1/post1.htm) 
in a field " Subject: " there is no filtration of the entering data. 
There is an opportunity of an insert any JS/HTML code.
2) At loading a new file on server (for example http://121.0.0.1/postfile2.htm) 
there is no filtration of the entering data  in a field " File Description:" 
In result attacking can insert any JS/HTML code, which then will be 
executed at opening page http://121.0.0.1/sharephoto1.asp (or /sharephoto2.asp 
and etc....)
####################################################
Path:
nah nah :-)
####################################################
For contacts:
nimber
icq: 132614
e-mail: nimber@xxxxxxx
            nimber@xxxxxxxxxxx
home page: www.rus-sec.org

p.s> Sorry for my bad english ;)
(0_o(0_o)0_o)
  

-- 
Best regards,
 nimber                          mailto:nimber@xxxxxxx