Zorum Input Validation Flaw in 'method' Parameter Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID: 1007471
SecurityTracker URL: http://securitytracker.com/id/1007471
Date: Aug 11 2003
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included: Yes
Zone-h Security Team reported an input validation vulnerability in Zorum. A remote user can conduct cross-site scripting attacks. A remote user can also determine the installation path.
It is reported that the software does not filter HTML code from user-supplied input in the 'method' parameter before displaying the input as part of an error message. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Zorum software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A demonstration exploit URL is provided:
It is also reported that a remote user can submit a malformed URL request using the 'method' parameter (or other parameters) to cause the server to disclose the installation path. A demonstration exploit URL is provided:
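As an added illustration (not Zorum's code and not from the Zone-h advisory), the pattern the advisory describes in a hypothetical PHP 'method' dispatcher: the weak form reflects the raw parameter into an error message, while the hardened form allow-lists the value, HTML-encodes anything it shows, rejects non-string (malformed) input, and keeps diagnostics out of the response so error output cannot reveal the installation path. The function names and the $handlers table are assumptions.

```php
<?php
// Added illustration, not Zorum's code: a 'method' dispatcher of the kind a
// PHP message board uses, in its weak form and a hardened form. Function
// names and the $handlers table are hypothetical.

$handlers = ['list' => 'showList', 'view' => 'showThread', 'post' => 'postReply'];

function showList(): string   { return 'thread list'; }
function showThread(): string { return 'thread'; }
function postReply(): string  { return 'reply posted'; }

// Weak form: the raw value is echoed into the error message, so markup in
// the parameter reaches the browser unencoded. Under PHP's default
// display_errors=On, any warning raised while handling such a request is
// also printed with the script's full filesystem path (the disclosure half
// of the advisory).
function dispatchWeak(array $handlers, string $method): string {
    if (!isset($handlers[$method])) {
        return "Error: unknown method '$method'";      // unencoded reflection
    }
    return $handlers[$method]();
}

// Hardened form:
//  1. 'method' is an identifier, so it must match a tight pattern and be
//     present in the fixed allow-list;
//  2. if the rejected value is shown at all, it is HTML-encoded;
//  3. diagnostics stay in the server log, never in the response body.
function dispatchSafe(array $handlers, string $method): string {
    if (!preg_match('/^[a-z]{1,32}$/', $method) || !isset($handlers[$method])) {
        error_log('zorum: rejected method ' . var_export($method, true));
        $shown = htmlspecialchars($method, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        return "Error: unknown method '$shown'";       // encoded reflection
    }
    return $handlers[$method]();
}

// Deployment side of the path-disclosure fix: errors go to the log, not the page.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// A malformed request (e.g. method[]=... yielding an array) is treated as an
// unknown method instead of being stringified or allowed to raise a warning.
$raw = $_GET['method'] ?? 'list';
echo dispatchSafe($handlers, is_string($raw) ? $raw : '');
```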
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Zorum software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can determine the installation path.
The vendor has reportedly issued a patch.
Vendor URL: zorum.phpoutsourcing.com/
Cause: Exception handling error, Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Source Message Contents
Subject: ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path
ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure
Published: 11 August 2003
Released: 11 August 2003
Affected Systems: v.3.4
Issue: Remote attackers can inject XSS script and know the path of the site.
Zone-h Security Team has discovered a flaw in Zorum v3.4 (and older versions?).
"Zorum is a message board software, which may be used with equal success on both
intra- and internet sites."
It's possible to inject XSS script in the method variable.
It's possible to make a malformed http request for many variables in Zorum and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.
The vendor has been contacted and a patch was produced.
Filter the method variable (xss problem), filter all variables.
G00db0y - www.zone-h.org admin
Original advisory here: http://www.zone-h.org/en/advisories/read/id=2867/