major_rls19.txt

major_rls19.txt: Posted Jul 9, 2006; Authored by David "Aesthetico" Vieira-Kurz | Site majorsecurity.de; AutoRank versions 5.01 and below suffer from multiple cross site scripting and cookie disclosure flaws.; tags | advisory, xss; SHA-256 | 0788c86e5fe621d1dcfe0a732fec68ca0a18689973de1b3086e72e8ad8094ecb; Download | Favorite | View

major_rls19.txt

[MajorSecurity #19] AutoRank <= 5.01  - Multiple XSS and cookie disclosure
------------------------------------------------------------

Software: AutoRank

Version: <=5.01

Type: Cross site scripting 

Discovery Date: June, 23th 2006
 
Made public: July, 2nd 2006 

Vendor: JMB SOFTWARE

Page: http://www.jmbsoft.com/

Rated as: Low Risk

Credits:
----------------------------------------------
Discovered by: David "Aesthetico" Vieira-Kurz
http://www.majorsecurity.de

Original Advisory:
----------------------------------------------
http://www.majorsecurity.de/advisory/major_rls19.txt

Affected Products:
----------------------------------------------
AutoRank PHP 3.02 and prior
AutoRank Pro 5.01 and prior

Contacted Vendor:
----------------------------------------------
I have contacted the vendor on June, 25th 2006 at 12:25 PM via e-mail.
The vendor replied to my e-mail on June, 26th 2006, but there's still no fix available.
A copy of the e-mail is attached as screenshoot at the end of this text.

Description:
----------------------------------------------
AutoRank PHP is our next generation toplist software, written completely in PHP and backed by a MySQL database.
AutoRank Professional is a complete top list software package. 
It will keep a database of accounts, and the account holders can then send hits to your site.

Requirements:
----------------------------------------------
register_globals = On

Vulnerability:
----------------------------------------------
Input passed to the "Keyword" parameter in "search.php" and "Username" parameter in "main.cgi" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Solution(Against XSS-attacks):
----------------------------------------------
Edit the source code to ensure that input is properly sanitised.
You should work with "htmlspecialchars()" or "strip_tags()" php-function to ensure that html tags
are not going to be executed.

Example:
<?php
  echo htmlspecialchars("<script");
?>

Set "register_globals" to "Off".

Screenshoots:
----------------------------------------------
http://majorsecurity.de/advisory/AutoRank.JPG
http://majorsecurity.de/advisory/jmb_reply.JPG

Top Authors In Last 30 Days

Red Hat 249 files
Jay Turla 150 files
indoushka 147 files
Ubuntu 62 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,118)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,071)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,733)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,808)
UNIX (9,452)
UnixWare (188)
Windows (6,763)
Other

major_rls19.txt

major_rls19.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

major_rls19.txt

Share This

major_rls19.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems