[Full-Disclosure] Secunia Research: BRS WebWeaver Error Page Cross-Site Scripting
From: Carsten H. Eiram (che_at_secunia.com)
Date: 06/26/03
- Previous message: Nicolas MERCIER: "[Full-Disclosure] Netddemsg"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: VulnWatch <vulnwatch@vulnwatch.org>, Full Disclosure <full-disclosure@lists.netsys.com> Date: 26 Jun 2003 11:09:45 +0200
======================================================================
Secunia Research 26/06/2003
- BRS WebWeaver Error Page Cross-Site Scripting Vulnerability -
======================================================================
Receive Secunia Security Advisories for free:
http://www.secunia.com/secunia_security_advisories/
======================================================================
Table of Contents
1....................................................Affected Software
2.............................................................Severity
3.....................................Vendor's Description of Software
4.........................................Description of Vulnerability
5.............................................................Solution
6...........................................................Time Table
7..............................................................Credits
8........................................................About Secunia
9.........................................................Verification
======================================================================
1) Affected Software
BRS WebWeaver 1.0.4
BRS WebWeaver 1.0.3
NOTE: Prior versions have not been tested but may also be vulnerable.
======================================================================
2) Severity
Rating: Less critical
Impact: Cross-Site Scripting
Where: From Remote
======================================================================
3) Vendor's Description of Software
"BRS WebWeaver is a free personal web server that run on the Windows
platform. Even with it's small size ( ~375 KB ) and low memory
requirements (~4 MB) it provides lots of functionality at speeds that
will impress you."
Vendor:
http://www.brswebweaver.com
======================================================================
4) Description of Vulnerability
A vulnerability has been identified in BRS WebWeaver, which can be
exploited by malicious people to conduct Cross-Site Scripting attacks
against visitors.
The vulnerability is caused due to a lack of input validation, since
the name of a resource requested by a user is included in certain
error pages without prior sanitation.
A malicious person can exploit this by constructing a link, which
includes arbitrary script code. If a user is tricked into clicking
the link or visit a malicious website, the script code will be
executed in the user's browser session.
Successful exploitation may result in disclosure of various
information (e.g. cookie-based authentication information)
associated with the site running BRS WebWeaver, or inclusion of
malicious content, which the user thinks is part of the real website.
Example exploiting a "404 Not Found" error page:
http://[victim]/<script>alert(document.domain)</script>
Example exploiting a "403 Access Denied":
http://[victim]/<script>alert(document.domain)</script>AAA..[196]..AAA
======================================================================
5) Solution
Update to version 1.05:
http://www.brswebweaver.com/modules.php?op=modload&name=News&file=article&sid=2
======================================================================
6) Time Table
26/04/2003 - Vulnerability discovered.
29/04/2003 - Vendor notified (info@brswebweaver.com).
07/05/2003 - Vendor notified again.
07/05/2003 - Vendor reply.
03/06/2003 - Vendor releases v1.05 BETA.
24/06/2003 - Vendor releases v1.05.
26/06/2003 - Public disclosure.
======================================================================
7) Credits
Discovered by Carsten Eiram, Secunia Research.
======================================================================
8) About Secunia
Secunia collects, validates, assesses and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://www.secunia.com/secunia_security_advisories/
======================================================================
9) Verification
Please verify this advisory by visiting the Secunia website:
http://www.secunia.com/secunia_research/2003-6/
======================================================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Nicolas MERCIER: "[Full-Disclosure] Netddemsg"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
