SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Web Server/CGI)  >  SGDynamo Vendors:  Ecometry
Ecometry's SGDynamo Web Application Engine Allows Remote Users to Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1004257
SecurityTracker URL:  http://securitytracker.com/id?1004257
CVE Reference:  CAN-2002-0375   (Links to External Site)
Updated:  Jun 29 2004
Original Entry Date:  May 9 2002
Impact:  Disclosure of authentication information, Execution of arbitrary code via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Description:  A vulnerability was reported in Ecometry's SGDynamo web application engine. A remote user can conduct cross-site scripting attacks against users of web sites running SGDynamo.

The 'sgdynamo.exe' script will display user-supplied data when a URL error is encountered. The data is displayed without being properly escaped.

This vulnerability was recently reported by frog-m@n on the following web site:

http://www.ifrance.com/kitetoua/tuto/5holes1.txt

In that post, frog-m@n indicated that the following type of URL could be used to cause the server to display the user-supplied script code:

http://[targethost]/sgdynamo.exe?HTNAME=<script>SCRIPT</script>

A remote user could create HTML containing malicious scripting that, when loaded by a target (victim) user, would cause the target user's browser to execute the scripting. The code would appear to originate from the web site running the Ecometry software and would run in the security context of that site. As a result, the code could access the target user's cookies associated with that web site.

[Editor's notes: Ecometry was formerly known as Smith-Gardner. Also, thanks to Krissy for her help on this, to Bryan @ Ecometry for his cooperation, and of course to frog-m@n who discovered the flaw. Finally, the vendor was very quick to fix this flaw once notified.]
Impact:  A remote user could access another user's cookies associated with the site running 'sgdynamo.exe'.
Solution:  The vendor has released a fix for versions 5.32T and above (5.32U, 6.1, 7.00). Customers should call their Ecometry Customer Support Rep in order to obtain the fixed code. Customers should reference Job # 181625-01 when requesting the code.
Cause:  Input validation error
Underlying OS:  Windows (Any)
Reported By:  frog frog <leseulfrog@hotmail.com>
Message History:   None.

 Source Message Contents
Date:  17 Apr 2002 19:27:56 -0000
From:  frog frog <leseulfrog@hotmail.com>
Subject:  Smalls holes on 5 products #1

 



Products :
- THTTPD v2.20b
- Sgdynamo
- Myannuaire v1.0
- phpAnyvote v1.0
- DiSi-Poll 0.9.0

More details in french :
http://www.ifrance.com/kitetoua/tuto/5holes1.txt

translated by google :
http://translate.google.com/translate?u=http%3A%
2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%
2F5holes1.txt&langpair=fr%7Cen&hl=fr&prev=%
2Flanguage_tools

frog-m@n


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC