[NT] Macromedia Sitespring Cross-Site Scripting

From: support@securiteam.com
Date: 07/17/02


From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 17 Jul 2002 13:05:25 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Macromedia Sitespring Cross-Site Scripting
------------------------------------------------------------------------

SUMMARY

A malicious user could use a default error page as the basis for a
cross-site scripting attack.

DETAILS

Vulnerable systems:
 * Macromedia Sitespring version 1.2.0 (277.1) on Windows 2000 Server

The default HTTP 500 error script does not check the contents of the error
ticket (et) parameter before outputting it. That makes it possible to
inject e.g. JavaScript in the URL.

http://server/error/500error.jsp?et=1>alert('KPMG')</script>

Vendor response:
The vendor was notified on 16 April 2002. The vendor has since removed the
trial software from the webpage. To our knowledge, there is no scheduled
release date for a patch.

Corrective action:
Replace the error script with a custom error page. If you do not know how
to create a .JSP file, simply create a standard 500-error page in html,
and rename it to .JSP.

ADDITIONAL INFORMATION

The information has been provided by <mailto:pgrundl@kpmg.dk> Peter
Gründl.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • [UNIX] ProBoards Forums Contains a XXS Vulnerability
    ... A user viewing the post would see a popup message containing his cookie. ... Vendor was notified and the vulnerability was fixed almost immediately. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [UNIX] Sun AnswerBook2 Gettransbitmap Buffer Overflow Vulnerability
    ... there are no vendor patches available. ... Otherwise, disable AnswerBook2. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [UNIX] IcrediBB Contains a Cross Site Scripting Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Vendor has been notified of all issues discussed. ... This bulletin is sent to members of the SecuriTeam mailing list. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [UNIX] Integer overflow in PHP array_pad() function
    ... execute PHP commands to gain administrative privileges. ... Vendor was contacted. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [NT] Cerberus FTP Server Stores Password in the Clear
    ... Cerberus FTP Server ... Vendor has been informed, ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)