Aida-Web Information Exposure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Aida-Web Information Exposure
From: "MC Iglo" <mc.iglo@xxxxxxxxxxxxxx>
Date: Thu, 15 Nov 2007 10:41:14 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=gPf5qM/+eqLhtLYXbN37yh5gXDkaVhc/k6w8hw5xpnU=; b=iktnTO3z2QTnU4VTvFawLaITYdcqbCIHF8QskK+84CRs/KQ3z4YowAlfq0n4TX916dLmuUy0NO+czt7NPUQNuFbFR9Eoe+5VZV0S+cMD/QIfCC/9D2mNPJTJhUdwO1fTFmODAr/efwyxLNgaLdmzdF+9I7ZmfnrT2GkGPsypVzc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=K9DDh9d65HJLIByzfNGxTPw+Zm0FQdUf7JAnUed7Td10I6eWD/FRAer3h4XkuIKNPp0dWYEE8ngaBPoMn/DN3nVstFmjTxXvdMXO5OBGoqt4on+8krsm9cvLps/UXqaGitfBCYIs1k3zBqJpAfH9idvJ4xo5YvIO1QrBhK8wCHI=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi list,

Parameters being transferred per $_GET aren't sanitised properly.

http://name.tld/CGI-Bin/frame.html?Mehr=xxx

Everyone can read any comment and its poster, although it should be
readable only for superiors

http://name.tld/CGI-Bin/frame.html?Mehr=xxx&SUPER=x
You can see, which supervisor the task was forwarded to and their UniqueIDs


Anyways, everything is acting really strange if you try to test something.
Out of 10 tries, u get
8x All information you want to get
1x a weird name instead of the real one
1x a Errorpage like 404, "session timed out", blank site,...

For all these tests it is not necessary to be logged in.
There might be a lot more bugs, but I can't look for them on a live system :(

Vendor: http://www.aida-orga.de/

Regards
MC.Iglo

Prev by Date: Re: HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges
Next by Date: [TKADV2007-001] Mac OS X TIOCSETD IOCTL Kernel Memory Corruption Vulnerability
Previous by thread: iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk Socket IOCTL Kernel Stack Buffer Overflow Vulnerability
Next by thread: [TKADV2007-001] Mac OS X TIOCSETD IOCTL Kernel Memory Corruption Vulnerability
Index(es):
- Date
- Thread