BRS WebWeaver Error Page Cross-Site Scripting Vulnerability
  Author: Anonymous
Added: 06/27/2003
Type: Advisory

======================================================================


                      Secunia Research 26/06/2003

   - BRS WebWeaver Error Page Cross-Site Scripting Vulnerability -

======================================================================

Receive Secunia Security Advisories for free:
http://www.secunia.com/secunia_security_advisories/


======================================================================

Table of Contents
1....................Affected Software
2....................Severity
3....................Vendor's Description of Software
4....................Description of Vulnerability
5....................Solution
6....................Time Table
7....................Credits
8....................About Secunia
9....................Verification


======================================================================

1) Affected Software

BRS WebWeaver 1.0.4
BRS WebWeaver 1.0.3

NOTE: Prior versions have not been tested but may also be vulnerable.

======================================================================

2) Severity

Rating:  Less critical
Impact:  Cross-Site Scripting
Where:   From Remote

======================================================================

3) Vendor's Description of Software

"BRS WebWeaver is a free personal web server that runs on the Windows
platform. Even with its small size (~375 KB) and low memory
requirements (~4 MB) it provides lots of functionality at speeds that
will impress you."

Vendor:
http://www.brswebweaver.com

======================================================================

4) Description of Vulnerability

A vulnerability has been identified in BRS WebWeaver, which can be
exploited by malicious people to conduct Cross-Site Scripting attacks
against visitors.

The vulnerability is caused by a lack of input validation: the name of
the resource requested by a user is included verbatim in certain
error pages without prior sanitisation.

A malicious person can exploit this by constructing a link which
includes arbitrary script code. If a user is tricked into clicking
the link or visiting a malicious website, the script code will be
executed in the user's browser session, in the context of the site
running BRS WebWeaver.

Successful exploitation may result in disclosure of various
information (e.g. cookie-based authentication information)
associated with the site running BRS WebWeaver, or inclusion of
malicious content, which the user thinks is part of the real website.

Example exploiting a "404 Not Found" error page:
http://[victim]/<script>alert(document.domain)</script>

Example exploiting a "403 Access Denied" error page:
http://[victim]/<script>alert(document.domain)</script>AAA..[196]..AAA
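The following is an added illustration of the flaw class described in section 4 and of its fix; it is not code from Secunia or from BRS WebWeaver, whose source is not available here. `error_page_vulnerable` reflects the decoded request path into an error page unescaped, as the advisory says the server does; `error_page_hardened` applies HTML escaping so the path renders as text. `flag_suspicious_requests` is a simple defender-side check over constructed access-log lines for request paths that decode to HTML markup. All function names, the sample paths and the log lines are assumptions constructed for this example.

```python
import html
from urllib.parse import unquote

# Constructed request paths in the style of the advisory's examples
# (not captured from any real server).
SAMPLE_PATHS = [
    "/index.html",
    "/<script>alert(document.domain)</script>",
    "/%3Cscript%3Ealert(document.domain)%3C/script%3E",  # same payload, percent-encoded
]

# Constructed access-log lines in common log format (hypothetical data).
CONSTRUCTED_LOG = """\
10.0.0.5 - - [26/Jun/2003:10:00:00 +0200] "GET /index.html HTTP/1.0" 200 512
10.0.0.9 - - [26/Jun/2003:10:00:01 +0200] "GET /%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.0" 404 310
10.0.0.9 - - [26/Jun/2003:10:00:02 +0200] "GET /docs/readme.txt HTTP/1.0" 403 210
"""


def error_page_vulnerable(status_line: str, path: str) -> str:
    """The pattern the advisory describes: the server URL-decodes the
    requested resource name and copies it into the error page as-is,
    so any '<' and '>' in the path become live markup in the browser."""
    decoded = unquote(path)
    return (f"<html><body><h1>{status_line}</h1>"
            f"<p>Requested resource: {decoded}</p></body></html>")


def error_page_hardened(status_line: str, path: str) -> str:
    """Hardened form: decode once, then HTML-escape before embedding,
    so the path is displayed as text and cannot introduce elements."""
    decoded = unquote(path)
    safe = html.escape(decoded, quote=True)  # &lt; &gt; &amp; &quot; &#x27;
    return (f"<html><body><h1>{status_line}</h1>"
            f"<p>Requested resource: {safe}</p></body></html>")


def reflects_raw_markup(page: str, path: str) -> bool:
    """Response check: does the decoded request path appear in the page
    with its angle brackets intact? True means the page is reflecting
    markup unescaped."""
    decoded = unquote(path)
    return "<" in decoded and decoded in page


def flag_suspicious_requests(access_log: str) -> list:
    """Log check: return the raw request paths whose URL-decoded form
    contains HTML angle brackets, which legitimate resource names
    almost never do."""
    hits = []
    for line in access_log.splitlines():
        parts = line.split('"')
        if len(parts) < 2:
            continue                       # not a common-log-format line
        request_fields = parts[1].split(" ")  # e.g. ['GET', '/path', 'HTTP/1.0']
        if len(request_fields) < 2:
            continue
        raw_path = request_fields[1]
        if "<" in unquote(raw_path) or ">" in unquote(raw_path):
            hits.append(raw_path)
    return hits


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        vuln = error_page_vulnerable("404 Not Found", p)
        hard = error_page_hardened("404 Not Found", p)
        print(p, "vulnerable reflects markup:", reflects_raw_markup(vuln, p),
              "| hardened reflects markup:", reflects_raw_markup(hard, p))
    print("suspicious requests:", flag_suspicious_requests(CONSTRUCTED_LOG))
```

Escaping at the point where untrusted data is written into HTML is the fix that version 1.05 would need to implement for every error page, not just the 404 one; the log check is useful for spotting probing of an unpatched server, since the payload survives URL-encoding and lands in the access log either way.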


======================================================================

5) Solution

Update to version 1.05:
http://www.brswebweaver.com/modules.php?op=modload&name=News&file=article&sid=2

======================================================================

6) Time Table

26/04/2003 - Vulnerability discovered.
29/04/2003 - Vendor notified ([email protected]).
07/05/2003 - Vendor notified again.
07/05/2003 - Vendor reply.
03/06/2003 - Vendor releases v1.05 BETA.
24/06/2003 - Vendor releases v1.05.
26/06/2003 - Public disclosure.

======================================================================

7) Credits

Discovered by Carsten Eiram, Secunia Research.

======================================================================

8) About Secunia

Secunia collects, validates, assesses and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:

http://www.secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://www.secunia.com/secunia_security_advisories/


======================================================================

9) Verification

Please verify this advisory by visiting the Secunia website:
http://www.secunia.com/secunia_research/2003-6/

======================================================================

© Copyright Linux Advisory 2003. All rights reserved.