[31996] in bugtraq


JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5

daemon@ATHENA.MIT.EDU ("nimber")
Mon Oct 6 17:10:24 2003

From: "nimber" <nimber@mail.ru>
To: bugtraq@securityfocus.com
Mime-Version: 1.0
Date: Tue, 07 Oct 2003 00:05:01 +0400
In-Reply-To: <20031005154131.24132.qmail@sf-www2-symnsj.securityfocus.com>
Reply-To: "nimber" <nimber@mail.ru>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Message-Id: <E1A6bbJ-000Iig-00.nimber-mail-ru@f21.mail.ru>

+-----------------------------+
Advisories: JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5
Author: nimber [nimber@mail.ru]
Date: 10/06/2003
+-----------------------------+
Vendor: http://www.minihttpserver.net
Version: 1.5 (and older versions?) 
Shareware :)
Mini-description [for File-Sharing for NET v1.5]:
"File Sharing for net is a complete, secure web server that shares your business documents and files over the web: remote users only need browsers to view your files. Share, transfer files securely with colleagues."
Mini-description [for Forums Web Server v1.5]:
"WebForums Server allows you to setup a bulletin board and photo/file exchange web service. It offers a built in HTTP engine, internal database engine, integrated HTML/Script pages, user management interface, message board engine and a secure file Upload/Download option. It is without a doubt the easiest and complete all in one Forum Server software you have seen." [Information from the site www.minihttpserver.net]
+-----------------------------+
Problem:

These two products, from one vendor, use a similar built-in forum (BBS). 
I think that Forums Web Server v1.5 is the easy version of the program File-Sharing for NET. 
I have found a vulnerability in the built-in forum of both programs. 
In File-Sharing for NET v1.5, when a new message is added, there is no filtering of the data entered in the "Subject:" and "Your message:" fields. This allows any JS/HTML code to be inserted.
For example:

<script> alert (document.cookie); </script>

In Forums Web Server v1.5, only the "Subject:" field is unfiltered; in the "Your message:" field the < character is replaced with "&lt;".

+-----------------------------+

For contacts:
nimber
icq: 132614
e-mail: nimber@mail.ru
Home Page: nimber.plux.ru

Greets: ZeT,euronymous,JLx and all my friends.
Hi to teams: zud team, void.ru, RusH Team, m00 security,
eXploit.ru,LWTeam, F0K Project,Free-Crew.
 
p.s> Sorry for my bad english ;)

(0_o(0_o)0_o)
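
Added example, not part of the original advisory and not the vendor's code: a small Python model of the behaviour reported above for the two products, next to a form that HTML-encodes both fields on output. The template, function names and filler values are assumptions made for illustration; the test string is the one given in the advisory.

```python
import html

# Test string from the advisory; field names follow the advisory's form labels.
PROBE = "<script> alert (document.cookie); </script>"
FIELDS = ("subject", "message")
TEMPLATE = '<div class="post"><h3>{subject}</h3><p>{message}</p></div>'


def render_raw(subject, message):
    """Model of File-Sharing for NET v1.5 as reported: no filtering at all."""
    return TEMPLATE.format(subject=subject, message=message)


def render_partial(subject, message):
    """Model of Forums Web Server v1.5 as reported: '<' is replaced in the
    message body only, the subject is written out unchanged."""
    return TEMPLATE.format(subject=subject, message=message.replace("<", "&lt;"))


def render_encoded(subject, message):
    """Hardened form: HTML-encode every user-controlled field on output."""
    return TEMPLATE.format(subject=html.escape(subject, quote=True),
                           message=html.escape(message, quote=True))


def unfiltered_fields(render):
    """Submit the probe in one field at a time and return the fields where it
    reaches the page as live markup instead of inert text."""
    found = []
    for field in FIELDS:
        values = {name: "hello" for name in FIELDS}  # constructed benign filler
        values[field] = PROBE
        if "<script" in render(**values).lower():
            found.append(field)
    return found


if __name__ == "__main__":
    for render in (render_raw, render_partial, render_encoded):
        print(render.__name__, unfiltered_fields(render))
```

Checking one field at a time is what exposes the partial fix: the message body passes while the subject still carries markup through.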
