[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5

To: bugtraq@securityfocus.com
Subject: JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5
From: "nimber" <nimber@mail.ru>
Date: Tue, 07 Oct 2003 00:05:01 +0400

+-----------------------------+
Advisories: JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web 
Server v1.5
Author: nimber [nimber@mail.ru]
Date: 10/06/2003
+-----------------------------+
Vendor: http://www.minihttpserver.net
Version: 1.5 (and older versions?) 
Shareware :)
Mini-description [for File-Sharing for NET v1.5]:
"File Sharing for net is a complete, secure web server that shares your 
business documents 

and files over the web: remote users only need browsers to view your files. 
Share, transfer 

files securely with colleagues."
Mini-description [for Forums Web Server v1.5]:
"WebForums Server allows you to setup a bulletin board and photo/file exchange 
web service. 

It offers a built in HTTP engine, internal database engine, integrated 
HTML/Script pages, 

user management interface, message board engine and a secure file 
Upload/Download option. 

It is without a doubt the easiest and complet all in one Forum Server software 
you have 

seen." [The information from a site www.minihttpserver.net]
+-----------------------------+
Problem:

These two products, from one vendors, use the similar built - in forum (BBS). 
I think, that Forums Web Server v1.5 is the easy version of the program 
File-Sharing for 

NET. 
I have found vulnerability in the built - in forum of both programs. 
In the program File-Sharing for NET v1.5, at addition of the new message there 
is no 

filtration entered given in fields "Subject:" and "Your message:". It enables 
inserts any 

JS/HTML of a code.
For example:

<script> alert (document.cookie); </script>

In the program Forums Web Server v1.5, there is no filtration only in a field 
"Subject:", 

in a field "Your message:" the symbol < is replaced on "<".

+-----------------------------+

For contacts:
nimber
icq: 132614
e-mail: nimber@mail.ru
Home Page: nimber.plux.ru

Greets: ZeT,euronymous,JLx and all my friends.
Hi to teams: zud team, void.ru, RusH Team, m00 security,
eXploit.ru,LWTeam, F0K Project,Free-Crew.
 
p.s> Sorry for my bad english ;)

(0_o(0_o)0_o)

References:
- Access Runner DSL Console vulnerability update
  - From: Chris Norton <kicktd@hotmail.com>

Prev by Date: Re: Local root exploit in SuSE Linux 8.2Pro
Next by Date: Update JBoss 308 & 321: Remote Command Injection
Previous by thread: Access Runner DSL Console vulnerability update
Next by thread: SA-20031006 slocate vulnerability
Index(es):
- Date
- Thread