Vulnerability in Referer for DataLife Engine



Hello Bugtraq!

I want to warn you about security vulnerability in Referer module for
DataLife Engine (DLE).

-----------------------------
Advisory: Vulnerability in Referer for DataLife Engine
-----------------------------
URL: http://websecurity.com.ua/3942/
-----------------------------
Affected products: Referer (aka "Perehody" on Russian) v.6.9 and previous
versions.
-----------------------------
Timeline:

29.06.2009 - found vulnerability.
11.02.2010 - announced at my site.
13.02.2010 - informed admin of web site where I found the vulnerability.
15.02.2010 - informed developers of DataLife Engine (at first I thought that
hole existed in DLE, and admin of vulnerable web site didn't answer me and
didn't fix the hole, but DLE developers said that hole is not in their
engine and they didn't know what the module it is).
19.02.2010 - informed developers of the module (after I found that it's
Referer module).
23.04.2010 - disclosed at my site.
-----------------------------
Details:

This is Cross-Site Scripting vulnerability.

XSS:

It's persistent XSS vulnerability. Which allows to conduct the attack via
Referer header, in case when immediate links to queries in search engines
are showing at the site.

Referer:
http://www.google.com/search?q=xss";><script>alert(document.cookie)</script>

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



Relevant Pages

  • [Full-disclosure] Vulnerability in Referer for DataLife Engine
    ... Vulnerability in Referer for DataLife Engine ... - informed admin of web site where I found the vulnerability. ...
    (Full-Disclosure)
  • [NT] Cumulative Security Update for Internet Explorer (MS06-013)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Microsoft Internet Explorer allow attackers to execute arbitrary code, ... A remote code execution vulnerability exists in the way Internet Explorer ...
    (Securiteam)
  • [NT] Cumulative Security Update for Internet Explorer (MS06-021)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Improper memory and user input handling with Internet Explorer allows ... A remote code execution vulnerability exists in the way Internet Explorer ...
    (Securiteam)
  • [NT] Cumulative Security Update for Internet Explorer (MS05-038)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... A buffer overflow vulnerability within Internet Explorer allows attackers ...
    (Securiteam)
  • [NT] Cumulative Security Update for Internet Explorer (MS04-038)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... CSS Heap Memory Corruption Vulnerability, ... Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 ...
    (Securiteam)