|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA12751] DCP-Portal Multiple Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Oct 07 2004 - 10:50:06 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
DCP-Portal Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA12751
VERIFY ADVISORY:
http://secunia.com/advisories/12751/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
DCP-Portal 5.x
http://secunia.com/product/938/
DCP-Portal 6.x
http://secunia.com/product/4015/
DESCRIPTION:
Alexander Antipov has reported multiple vulnerabilities in
DCP-Portal, which can be exploited by malicious people to conduct
cross-site scripting attacks.
1) Input passed to various parameters in the "calendar.php",
"index.php", "announcement.php", "news.php", and "contents.php" PHP
scripts is not sanitised before being returned to users.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of a vulnerable site by tricking
the user into visiting a malicious web site or follow a specially
crafted link.
Examples:
/calendar.php?year=[code]&month=09&day=01
/calendar.php?year=2004&month=[code]&day=01
/calendar.php?year=2004&month=09&day=[code]
/index.php?page=annoucements&cid=[code]
/annoucement.php?aid=8&cid=[code]
/news.php?nid=34&cid=[code]
/contents.php?cid=[code]
/index.php?cid=[code]
2) Input passed to various variables in several PHP scripts via HTTP
POST requests is not sanitised before being returned. This can also
be exploited to execute arbitrary HTML and script code in a user's
browser session in context of a vulnerable site.
The following PHP scripts and variables are affected:
* The "url" variable in "index.php".
* The "q" variable in "search.php".
* The "country" variable in "register.php".
3) Input passed in "PHPSESSID" is not properly sanitised, which can
be exploited to add fake headers and thereby potentially poison
intermediate web caches with arbitrary content.
Some of these vulnerabilities have been reported before in:
SA8358
SOLUTION:
Use another product.
PROVIDED AND/OR DISCOVERED BY:
Alexander Antipov
OTHER REFERENCES:
SA8358:
http://secunia.com/advisories/8358/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]