Secure Login Manager Missing Input Validation Permits Cross-Site Scripting Attacks in Certain Cases
|
|
SecurityTracker Alert ID: 1017448 |
|
SecurityTracker URL: http://securitytracker.com/id/1017448
|
|
CVE Reference:
CVE-2006-6815
(Links to External Site)
|
Updated: May 20 2008
|
Original Entry Date: Dec 27 2006
|
Impact:
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
|
Exploit Included: Yes
|
Version(s): 1.0
|
Description:
A vulnerability was reported in Secure Login Manager. A remote user can conduct cross-site scripting attacks in certain cases.
Several administrative scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted POST request that, when loaded by an authenticated, target administrative user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Secure Login Manager software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
The various parameters in the '/set_preferences.asp', '/send_password_preferences.asp', and '/SecureLoginManager/list.asp' scripts are affected.
Doz from Hackers Center Security Group reported this vulnerability.
[Editor's note: An administrator can conduct cross-site scripting attacks. However, an administrative user already has privileges to view and modify a user's password without conducting any attacks. A remote user can conduct cross-site scripting attacks only if an authenticated administrator can be forced to load the remote user's arbitrary HTTP POST request.]
|
Impact:
In certain limited situations, a remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Secure Login Manager software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.dmxready.com/productdetails.asp?ItemID=17 (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 27 Dec 2006 17:07:17 +0000
Subject: Secure Login Manager Multiple Input Validation Vulnerabilities
|
Secure Login Manager 1.0 is a program where the users can access the password protected webpages on their website. This program avoids
unauthorized access by the users on webpage. Redirect unauthorized users to login page, manage users; passwords via admin page, configure
up to 3 levels of security. Includes MS Access database. (100% Customizable in Dreamweaver) An attacker may leverage this issue to
have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the
attacker steal cookie-based authentication credentials and launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Doz's Advisory
Risk: Medium to High
Vendor: www.dmxready.com
Class: Input Validation Error
Vulnerable: 1.0
Exploit: Attackers can exploit these issues via a web client.
Remote: SQL
Local: SQL & XSS
(Local-Admin Panel) XSS & SQL
Secure Login Manager 1.0
/set_preferences.asp
/send_password_preferences.asp
/SecureLoginManager/list.asp
(Remote-WebSite) SQL
login.asp SQL pages
/login.asp?sent=[sql]
/content.asp?mid=31&incid=17&sent=[sql]
/members.asp??sent=[sql]
Live Demo: SQL
/applications/SecureLoginManager/inc_secureloginmanager.asp?sent=[SQL]
|
|
