|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA15250] Interspire ArticleLive 2005 Cross-Site Scripting and Security Bypass
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri May 06 2005 - 10:19:27 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Want a new IT Security job?
Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Interspire ArticleLive 2005 Cross-Site Scripting and Security Bypass
SECUNIA ADVISORY ID:
SA15250
VERIFY ADVISORY:
http://secunia.com/advisories/15250/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Cross Site Scripting, Exposure of system information
WHERE:
From remote
SOFTWARE:
Interspire ArticleLive 2005
http://secunia.com/product/4834/
DESCRIPTION:
Diabolic Crab has reported two vulnerabilities in Interspire
ArticleLive 2005, which can be exploited by malicious people to
conduct cross-site scripting attacks and bypass certain security
restrictions.
1) Input passed to the "BlogId" parameter in "newcomment/" isn't
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of a vulnerable site.
2) The problem is that the authentication process can be bypassed by
manually setting the "auth" and "userId" cookie parameters. This can
be exploited to gain administrative privileges.
It is also possible to disclose the full path to "search" by
accessing it with an invalid "Query" parameter.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
that authentication is properly performed.
PROVIDED AND/OR DISCOVERED BY:
Diabolic Crab
ORIGINAL ADVISORY:
http://www.digitalparadox.org/advisories/inal.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]