Antville 1.1 Cross Site Scripting
SA0004
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++ Antville 1.1 Cross Site Scripting +++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
PUBLISHED ON
Nov 09, 2005
PUBLISHED AT
http://moritz-naumann.com/adv/0004/antvxss/0004.txt
http://moritz-naumann.com/adv/0004/antvxss/0004.txt.sig
PUBLISHED BY
Moritz Naumann IT Consulting & Services
Hamburg, Germany
http://moritz-naumann.com/
info AT moritz HYPHON naumann D0T com
GPG key: http://moritz-naumann.com/keys/0x277F060C.asc
AFFECTED APPLICATION OR SERVICE
Antville
http://www.antville.org/
AFFECTED VERSION
Version 1.1
Possibly versions 1.0 and lower (untested)
BACKGROUND
Everybody knows XSS.
http://en.wikipedia.org/wiki/XSS
http://www.cgisecurity.net/articles/xss-faq.shtml
ISSUE
An XSS vulnerability has been detected in Antville. The
problem is caused by insufficient input sanitization.
By making a victim visit a specially crafted URL, it is
possible to inject client-side scripting (such as
JavaScript) and HTML, which will be executed/rendered in
her browser.
The following URL demonstrates this issue:
[antville_basepath]/project/<script>alert('XSS');</script>
This may not be easily exploitable for cookie/session
stealing attacks due to the IP address lock on the session.
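The following server-side JavaScript is an added illustration, not Antville's own code: it sketches the class of fix the issue above calls for, escaping the path segment after /project/ at the point where it is echoed into HTML. The function names and the assumption that Antville reflects an unknown project name into its response are hypothetical.

```javascript
// Added example, hypothetical: not Antville source. Assumes the name
// taken from the path segment after "/project/" is echoed back into an
// HTML response when no such project exists.

// Vulnerable form: the raw segment is concatenated into markup, so a
// segment like <script>alert('XSS');</script> becomes live HTML.
function renderProjectPageUnsafe(projectName) {
  return '<p>Project ' + projectName + ' does not exist.</p>';
}

// Escape the five characters that carry meaning in HTML text and
// attribute contexts; everything else passes through unchanged.
function escapeHtml(value) {
  var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// Hardened form: identical template, but the untrusted value is
// escaped for the HTML text context it lands in.
function renderProjectPageSafe(projectName) {
  return '<p>Project ' + escapeHtml(projectName) + ' does not exist.</p>';
}

// Recover the segment as the server sees it: browsers percent-encode
// characters such as < and > in paths, so decode before rendering and
// escape after. Returns null when the path is not a /project/ URL.
function projectSegmentFromPath(path) {
  var m = /^\/project\/([^/?#]+)/.exec(path);
  return m ? decodeURIComponent(m[1]) : null;
}

// Constructed request path: the advisory's demonstration segment in
// percent-encoded form, as a browser would send it.
var demoPath = "/project/%3Cscript%3Ealert('XSS');%3C%2Fscript%3E";
var demoSegment = projectSegmentFromPath(demoPath);
console.log('unsafe:', renderProjectPageUnsafe(demoSegment));
console.log('safe:  ', renderProjectPageSafe(demoSegment));
```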
WORKAROUND
Client: Disable Javascript.
Server: Prevent access to the Antville installation.
SOLUTIONS
There does not seem to be a patch available. Our attempts
to contact the developers were unsuccessful.
TIMELINE
Sep 19, 2005 Discovery
Sep 19, 2005 Code maintainer notification
Sep 29, 2005 Another code maintainer notification
Nov 09, 2005 Public disclosure
REFERENCES
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3530
ADDITIONAL CREDIT
N/A
LICENSE
Creative Commons Attribution-ShareAlike License Germany
http://creativecommons.org/licenses/by-sa/2.0/de/