OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Mark A. Rowe (PenTest) (mark.rowepentest-limited.com)
Date: Mon Jul 01 2002 - 02:42:28 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

                            PenTest Limited
                        www.pentest-limited.com
                           Security Advisory

                           XSS bug in Betsie

     
    Announcement date: 1st July 2002
    Reference: ptl-2002-03

    Advisory Details
    ----------------

    Product: Betsie
    Vulnerable versions: 1.5.11 and all versions before
    Vulnerability Type : Input Validation Error
    Platforms: All
    Vendor-URL: http://www.bbc.co.uk/education/betsie/
    Vendor-Status: informed, new version available
    Remote-Exploit: Yes

    Overview
    --------

    A Cross-site Scripting vulnerability exists in the Betsie application.
    The developer has been notified and a fixed version has been released.

    Description
    ------------

    Betsie stands for BBC Education Text to Speech Internet Enhancer, and is
    a simple Perl script which is intended to alleviate some of the problems
    experienced by people using text to speech systems for web browsing.

    The Betsie perl script does not adequately validate and filter URL
    input making it vulnerable to Cross-site Scripting attacks.

    Cross-site Scripting example:

    http://server/cgi-bin/betsie/parserl.pl/>alert("eek!")</script>

    For more details about XSS vulnerabilities see
    http://www.owasp.org/asac/input_validation/css.shtml

    Fix

    ---
    

    The vendor has released a new version of the script 1.5.12, which seems to fix the bug.

    Vendor status -------------

    Vendor has released a new version. See http://www.bbc.co.uk/education/be tsie/download.html

    Thanks ------

    Thankyou to Wayne Myers for responding so quickly to our notification and promptly releasing a fix.

    Credit ------

    Discovered on 24 June, 2002 by Mark Rowe ( mark.rowepentest-limited.com) http://www.pentest-limited.com -- Mark Rowe IT Security Consultant PenTest Limited

    Office +44 (0)1565 830990 Fax +44 (0)1565 830889 Mobile +44 (0)7813 803929

    mark.rowepentest-limited.com

    www.pentest-limited.com