BRS WebWeaver Error Page Cross-Site Scripting Vulnerability
======================================================================
Secunia Research 26/06/2003
- BRS WebWeaver Error Page Cross-Site Scripting Vulnerability -
======================================================================

Receive Secunia Security Advisories for free:
http://www.secunia.com/secunia_security_advisories/

======================================================================

Table of Contents

1) Affected Software
2) Severity
3) Vendor's Description of Software
4) Description of Vulnerability
5) Solution
6) Time Table
7) Credits
8) About Secunia
9) Verification
======================================================================

1) Affected Software

BRS WebWeaver 1.0.4
BRS WebWeaver 1.0.3
NOTE: Prior versions have not been tested but may also be vulnerable.
======================================================================

2) Severity

Rating: Less critical
Impact: Cross-Site Scripting
Where: From Remote

======================================================================

3) Vendor's Description of Software

"BRS WebWeaver is a free personal web server that runs on the Windows platform. Even with its small size (~375 KB) and low memory requirements (~4 MB) it provides lots of functionality at speeds that will impress you."
Vendor: http://www.brswebweaver.com
======================================================================

4) Description of Vulnerability
A vulnerability has been identified in BRS WebWeaver, which can be exploited by malicious people to conduct Cross-Site Scripting attacks against visitors.
The vulnerability is caused by a lack of input validation: the name of the resource requested by a user is included in certain error pages without prior sanitisation.

A malicious person can exploit this by constructing a link that includes arbitrary script code. If a user is tricked into clicking the link or visits a malicious website, the script code will be executed in the user's browser session.

Successful exploitation may result in disclosure of various information (e.g. cookie-based authentication information) associated with the site running BRS WebWeaver, or in the inclusion of malicious content that the user believes to be part of the real website.
Example exploiting a "404 Not Found" error page: http://[victim]/<script>alert(document.domain)</script>
Example exploiting a "403 Access Denied" error page: http://[victim]/<script>alert(document.domain)</script>AAA..[196]..AAA
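The flaw and its fix, as an added Python illustration that is not code from BRS WebWeaver or Secunia: a 404 page that copies the requested resource name straight into the HTML, beside the same page with the name HTML-escaped, plus a check that picks out 4xx log entries whose path carries a raw or URL-encoded "<". The common-log-format layout, the sample log lines and the page wording are assumptions.

```python
import html
import re

# Constructed input: the request path from the advisory's 404 example.
EXAMPLE_PATH = "/<script>alert(document.domain)</script>"


def error_page_vulnerable(status_line: str, requested: str) -> str:
    """Error page built the way the advisory describes the flaw: the
    requested resource name is copied into the HTML body unchanged."""
    return (f"<html><body><h1>{status_line}</h1>"
            f"<p>The requested resource {requested} is not available.</p>"
            "</body></html>")


def error_page_fixed(status_line: str, requested: str) -> str:
    """Same page with the name HTML-escaped before insertion, so the
    browser renders '<' as text instead of parsing it as a tag."""
    safe = html.escape(requested, quote=True)
    return (f"<html><body><h1>{status_line}</h1>"
            f"<p>The requested resource {safe} is not available.</p>"
            "</body></html>")


# Hypothetical common-log-format line; BRS WebWeaver's own log layout is
# not described in the advisory.
LOG_RE = re.compile(r'"[A-Z]+ (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def suspicious_error_requests(log_lines):
    """Return (path, status) for 4xx responses whose request path carries
    a raw or URL-encoded '<', the precondition for markup being reflected
    into the error page."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        path, status = m.group("path"), m.group("status")
        if status.startswith("4") and ("<" in path or "%3c" in path.lower()):
            hits.append((path, status))
    return hits


# Constructed sample log lines for the detection check.
SAMPLE_LOG = [
    '10.0.0.5 - - [26/Jun/2003:10:00:01 +0200] "GET /index.html HTTP/1.0" 200 1532',
    '10.0.0.5 - - [26/Jun/2003:10:00:07 +0200] "GET /missing.html HTTP/1.0" 404 210',
    '10.0.0.9 - - [26/Jun/2003:10:01:12 +0200] "GET /<script>alert(document.domain)</script> HTTP/1.0" 404 260',
    '10.0.0.9 - - [26/Jun/2003:10:01:40 +0200] "GET /%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.0" 404 260',
]
```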
======================================================================

5) Solution

Update to version 1.05:
http://www.brswebweaver.com/modules.php?op=modload&name=News&file=article&sid=2

======================================================================

6) Time Table

26/04/2003 - Vulnerability discovered.
29/04/2003 - Vendor notified ([email protected]).
07/05/2003 - Vendor notified again.
07/05/2003 - Vendor reply.
03/06/2003 - Vendor releases v1.05 BETA.
24/06/2003 - Vendor releases v1.05.
26/06/2003 - Public disclosure.
======================================================================

7) Credits
Discovered by Carsten Eiram, Secunia Research.
======================================================================

8) About Secunia
Secunia collects, validates, assesses and writes advisories regarding all the latest software vulnerabilities disclosed to the public. These advisories are gathered in a publicly available database at the Secunia website:
http://www.secunia.com/
Secunia offers services to our customers enabling them to receive all relevant vulnerability information to their specific system configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://www.secunia.com/secunia_security_advisories/
======================================================================

9) Verification

Please verify this advisory by visiting the Secunia website:
http://www.secunia.com/secunia_research/2003-6/

======================================================================