Twenty Year Anniversary

snitzxss.txt

snitzxss.txt
Posted Jun 18, 2004
Authored by Pete Foster | Site sec-tec.co.uk

Sec-Tec Advisory - A cross site scripting vulnerability has been discovered in Snitz Forums 2000. Version 3.4.04 is affected.

tags | advisory, xss
MD5 | 7012e9ae03857f86bff396165533b03b

snitzxss.txt

Change Mirror Download
Sec-Tec Advisory - XSS in Snitz Forums 2000

The most up to date version of this advisory can always be found at:
www.sec-tec.co.uk/vulnerability/snitzxss.html

Advisory creation date: 6th May 2004
Product: Snitz Forums 2000
Tested version: 3.4.04 (older versions believed to be affected also)
Vulnerability: XSS
Discoverd by: Pete Foster - Sec-Tec Ltd (www.sec-tec.co.uk)

Product:
Snitz Forums 2000 is an interactive discussion environment that allows
different people on the Internet or an Intranet to leave messages for each
other, and then reply.

Description:
When registering a new account the register.asp script fails to properly
sanitize the E-mail address (Email) field. An attacker can enter specially
crafted strings into this field that can allow him to launch cross-site
scripting (XSS) attacks. Successful exploitation of this could lead to the
theft of sensitive information, such as valid session details.

Affected object:
register.asp

POC Exploit:
When registering a new account (or ammending an existing one), enter the
following as an email address:
p@p" onMouseOver="alert(document.cookie);

When a user then follows a link to send the attacker an email, the script
code is executed.


Fix:
The Email field should be filtered to remove dangerous characters.

The vendor has given details that fixes the symptoms.

--- Vendor quote ---

On line #184 of pop_mail.asp:

Change this: rs("M_EMAIL")

To this: chkString(rs("M_EMAIL"),"display")

--- End vendor quote ---

Vendor fix details can also be found at:
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=53360


Release timeline:
Vulnerability discovered: April 29th 2004
Vendor notified: May 6th 2004
Vendor response: June 11th 2004
Public release: June 16th 2004

If using this document, please link to:
http://www.sec-tec.co.uk/vulnerability/snitzxss.html



__________________________________________________________________________
The contents of this e-mail are confidential and are intended solely for
the use of the person to whom they are addressed. If you are not the
intended recipient of this message please notify the sender and delete it
immediately, disclosure of its content to any other person is prohibited
and may be unlawful. Sec-Tec does not accept any responsibility for
viruses and it is your responsibility to scan the e-mail and attachments.
Any liability arising from any third party acting on information contained
in this e-mail is hereby excluded.
--------------------------------------------------------------------------

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    9 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    34 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close