SecurityTracker.com
Category:   Application (Forum/Board/Portal)  >   Slash
Vendors:   Slashcode.com
Slashcode 'Slash' Forum Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks Against Slash Users
SecurityTracker Alert ID:  1004678
SecurityTracker URL:  http://securitytracker.com/id/1004678
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 2 2002
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): CVS version between June 17 and July 1, 2002
Description:   An input validation vulnerability was reported in Slash, affecting the version available in CVS from June 17 to July 1, 2002. A remote user can insert arbitrary script code into messages to conduct cross-site scripting attacks.

It is reported that a remote user can insert arbitrary scripting code into messages posted to a site running the Slash code. A demonstration exploit (partial) is provided:

<p &gt; onMouseOver..insert javascript here...>

When a target user views the Slash message (or Slash page), the arbitrary scripting code will run in the target user's browser. The code will originate from the site running Slash and will run in the security context of that site. As a result, the code may be able to access the target user's cookies associated with that site. This may enable the remote user to gain access to the target user's Slash account (including administrator accounts). Also, the code may be able to take actions on the web site acting as the user. This can be used, for example, to submit messages.

The vendor reports that if you are running Slashcode from one of the tarball releases (e.g., 2.2.5) you are not vulnerable.

Impact:   A remote user can steal the cookies of a target user visiting a site running Slash. A remote user may be able to cause the target user's browser to take actions on that site acting as the target user, including posting or deleting messages (if permitted for the target user).
Solution:   The vendor has reportedly corrected the flaw. Current CVS versions are reportedly fixed.

A workaround is to apply the "else" clause from this patch:

http://cvs.slashcode.com/index.cgi/slash/Slash/Utility/Data/Data.pm.diff?r1=1.38&r2=1.39

Vendor URL:  slashcode.com/article.pl?sid=02/07/02/167220&mode=thread&tid=4
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Underlying OS Comments:  Perl-based

Message History:   None.
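
A defensive sketch of the control this advisory calls for, added here as an example and not taken from Slash or the vendor's patch: each allowlisted tag is rebuilt from its name alone, so no poster-supplied attribute (event handlers included) reaches other users' browsers. It is written in Python rather than Slash's Perl, and the allowlist, class and function names are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this example; not Slash's own approved-tag list.
ALLOWED_TAGS = {"p", "b", "i", "br", "blockquote", "ul", "ol", "li"}
VOID_TAGS = {"br"}

class CommentSanitizer(HTMLParser):
    """Re-emit only allowlisted tags, with every attribute removed."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []         # sanitized output fragments
        self.dropped = []     # (tag, attribute) pairs removed, for logging
        self.open_tags = []   # allowlisted tags still awaiting a close

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # unknown tag: drop the markup, keep its text content
        self.dropped.extend((tag, name) for name, _ in attrs)
        self.out.append(f"<{tag}>")  # rebuilt from the tag name alone
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open_tags:
            return  # stray or non-allowlisted close tag
        while self.open_tags:  # close anything nested inside it first
            inner = self.open_tags.pop()
            self.out.append(f"</{inner}>")
            if inner == tag:
                break

    def handle_data(self, data):
        # Character references were decoded by the parser; encode again so
        # text can never be re-read as markup.
        self.out.append(escape(data, quote=True))

def sanitize_comment(raw):
    """Return (safe_html, dropped_attributes) for one submitted comment."""
    parser = CommentSanitizer()
    parser.feed(raw)
    parser.close()
    while parser.open_tags:  # balance tags the poster left open
        parser.out.append(f"</{parser.open_tags.pop()}>")
    return "".join(parser.out), parser.dropped

if __name__ == "__main__":
    # Constructed sample shaped like the advisory's partial demonstration.
    print(sanitize_comment('<p &gt; onMouseOver="PLACEHOLDER">hello</p>'))
```

Logging the dropped pairs gives site operators a record of posts that arrived carrying attributes.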


 Source Message Contents

Subject:  XSS in Slashcode


There is a nasty Cross Site Scripting (XSS) vuln in
Slashcode. This was used a day or so ago on
slashdot.org and resulted in most of the site being
taken down for an hour or so. The maintainers of
slashcode have patched the problem in CVS but have not
even mentioned it anywhere that I can find. This
leaves all sites using slash vulnerable to this
exploit.

An example exploit (incomplete) is as follows:

<p &gt; onMouseOver..insert javascript here...>

I am disappointed that the slashcode maintainers have
silently fixed this on slashdot.org yet made no
mention of the problem elsewhere so that other sites
can patch themselves. No wonder there are so many
"trolls" on slashdot.org...ah well.

If you run a site using slashcode, get the latest CVS.

That is all. Move along. 

