Category:   Application (Forum/Board/Portal)  >   Snitz Forums
Vendors:   Snitz Communications
Snitz Forums Input Validation Script Filtering Can Be Circumvented By Remote Users to Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1006598
SecurityTracker URL:  http://securitytracker.com/id/1006598
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 18 2003
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included:  Yes  

Description:   An input validation vulnerability was reported in Snitz Forums. A remote user can circumvent the script filtering and insert scripting code as part of a cross-site scripting attack against forum users.

It is reported that a remote user can add a 'tab' character (0x09) to a javascript command and insert the command in a message on the forum. Then, when a target user views the message, arbitrary scripting code will be executed by the target user's browser. The code will originate from the site running the Snitz Forums software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit is provided (the tab character is represented by '<tab>'):

[img]jav<tab>asc<tab>ript:alert%28document.cookie%29[/img]

The vendor has reportedly been notified.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Snitz Forums software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry. An unofficial patch is available at:

http://int23.online.de/badwebmasters/txt/adv011.txt
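
The bypass described above, next to one way of closing it, as an added example; this is not Snitz code and not the unofficial patch. The function names, the substring blocklist standing in for the forum's filter, and the allowlist pattern are assumptions made for illustration.

```python
import html
import re

# Constructed sample input: the advisory's demonstration payload, with real
# tab characters (0x09) where the advisory text writes '<tab>'.
PAYLOAD = "jav\tasc\tript:alert%28document.cookie%29"


def naive_filter(url):
    """Hypothetical substring blocklist, standing in for the bad-word filter.
    Returns True when the URL is accepted."""
    return "javascript:" not in url.lower()


def browser_view(url):
    """Approximate what the browser acts on: the tab is ignored, as the
    advisory reports (current URL parsing also drops LF and CR)."""
    return re.sub(r"[\t\n\r]", "", url).strip()


# Allowlist (assumption): absolute http(s) URL built only from printable,
# non-space ASCII, with no quotes, angle brackets or backslashes.
_SAFE_IMG_URL = re.compile(
    r"https?://[A-Za-z0-9\-._~:/?#\[\]@!$&()*+,;=%]+", re.IGNORECASE
)


def hardened_filter(url):
    """Accept only URLs that match the allowlist exactly as submitted.
    Control characters, whitespace and other schemes are rejected, not cleaned,
    so the check and the browser always see the same string."""
    return _SAFE_IMG_URL.fullmatch(url) is not None


def render_img(url, url_filter):
    """Turn the body of an [img] tag into HTML, or inert text if rejected."""
    if url_filter(url):
        return '<img src="%s">' % html.escape(url, quote=True)
    return "[blocked image]"


if __name__ == "__main__":
    print("naive filter accepts payload:   ", naive_filter(PAYLOAD))
    print("scheme as the browser reads it: ", browser_view(PAYLOAD).split(":")[0])
    print("hardened filter accepts payload:", hardened_filter(PAYLOAD))
    print(render_img("http://example.com/a.png", hardened_filter))
```

The allowlist is checked against the raw submitted string, so there is no normalization step whose rules could drift from the browser's.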

Vendor URL:  forum.snitz.com/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  CrossSite Scripting @ Snitz Forums 2000





Description:

The BadWord-(Script-)Filter can be tricked by adding the Tab-Char (0x09) 
into the script command. This may lead to CrossSite-Scripting.


Exploit:

[img]jav	asc	ript:alert%28document.cookie%29[/img]


Vendor:

Has been contacted on 15. April.


Patch:

Available at http://int23.online.de/badwebmasters/txt/adv011.txt



greetZ bWM


  -----------------------------------------------------
   badWebMasters - online security vs. web underground
         http://int23.online.de/badwebmasters
