|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA15401] Help Center Live Multiple Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed May 18 2005 - 06:07:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Want a new IT Security job?
Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Help Center Live Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA15401
VERIFY ADVISORY:
http://secunia.com/advisories/15401/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Manipulation of data
WHERE:
From remote
SOFTWARE:
Help Center Live 1.x
http://secunia.com/product/4459/
DESCRIPTION:
James Bercegay has reported some vulnerabilities in Help Center Live,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion and SQL injection attacks.
1) Input passed to the "find" parameter in "index.php" isn't properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.
2) Input passed to the name and message fields when requesting a
chat, and the message body when opening a trouble ticket isn't
properly sanitised before being used. This can be exploited to inject
arbitrary HTML and script code, which will be executed in a user's or
administrator's browser session in context of an affected site when
the malicious user data is viewed.
3) Certain input isn't properly sanitised before being used in a SQL
query. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
It is also possible to trick an administrator into performing certain
actions (e.g. deleting attachments) on an affected site when accessing
a specially crafted URL while logged in.
SOLUTION:
The vulnerabilities have reportedly been fixed by the vendor.
PROVIDED AND/OR DISCOVERED BY:
James Bercegay, GulfTech Security Research Team.
ORIGINAL ADVISORY:
http://www.gulftech.org/?node=research&article_id=00076-05172005
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]