by r0t,der4444,cembo,VietMafia

Tuesday, December 06, 2005

Magic Book v2.0 Professional Vuln.

Magic Book v2.0 Professional Vuln.

Vuln. dicovered by : r0t
Date: 6 dec. 2005
vendor:www.cfmagic.com/products/magicbook.cfm
affected version:v.2.0 and prior

Product Description:
Magic Book Professional Edition is our totally loaded Guest Book application. It has all the things you might expect from any Guest Book available today. It allows visitors to add their comments as well as name and email address to the book in an automated process. These are then displayed in order of input for all your visitors to see. But that is where any similarity with others ends as we have added features not found on any other Guest Book anywhere.

Vuln. Description:
Magic Forum Personal contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "StartRow" parameter isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Also with errors wich are provided also in example attacker can view senstive information , Directory Travesal..etc.


example:
/book.cfm?StartRow=%22%3E%3Cscript
%3Ealert('r0t')%3C/script%3E

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew