Twenty Year Anniversary

SourceBans 1.4.11 Cross Site Scripting

SourceBans 1.4.11 Cross Site Scripting
Posted Oct 6, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

SourceBans version 1.4.11 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-8349
MD5 | a0a1bd04a803569dabb2411f7e9e49bf

SourceBans 1.4.11 Cross Site Scripting

Change Mirror Download
Advisory ID: HTB23273
Product: SourceBans
Vendor: Sourcebans team
Vulnerable Version(s): 1.4.11 and probably prior
Tested Version: 1.4.11
Advisory Publication: October 2, 2015 [without technical details]
Vendor Notification: October 2, 2015
Public Disclosure: October 22, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-8349
Risk Level: Medium
CVSSv3 Base Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered vulnerability in SourceBans, which can be exploited to perform Cross-Site Scripting (XSS) attacks against web application users.

The vulnerability exists due to insufficient filtration of input-data passed via the "advSearch" HTTP GET parameter to "/index.php" script when "p" parameter is set to 'banlist'. A remote unauthenticated attacker can trick any user to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

This vulnerability can be used in an advanced attack to compromise the web application and gain control over services within the local network.

A simple exploit below will display a JS popup with "ImmuniWeb" word:

http://[host]/index.php?p=banlist&advSearch=0%27%22%3E%3Cimg+src=x+onerror=alert%28/ImmuniWeb/%29%3E&advType=btype



-----------------------------------------------------------------------------------------------

Solution:

Update to SourceBans 2.0 pre-alpha. This version is not vulnerable.

-----------------------------------------------------------------------------------------------

References:

[1] High-Tech Bridge Advisory HTB23273 - https://www.htbridge.com/advisory/HTB23273 - Reflected Cross-Site Scripting (XSS) in SourceBans.
[2] SourceBans - http://www.sourcebans.net/ - When running SourceBans web interface and the SourceMod plugin together, you will be able to instantly ban people from all of the servers you have added into the system.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.

-----------------------------------------------------------------------------------------------

Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    2 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close