Posted: Wed Sep 29, 2004 8:39 am
Joined: Fri Jan 05, 2001 3:39 pm
Posts: 10041
Location: USA
HTTP Response Splitting Vulnerability

--------------------

TITLE:
Snitz Forums 2000 HTTP Response Splitting Vulnerability

SECUNIA ADVISORY ID:
SA12590

VERIFY ADVISORY:
http://secunia.com/advisories/12590/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Snitz Forums 2000 3.4.x
http://secunia.com/product/1483/

DESCRIPTION:
Maestro has reported a vulnerability in Snitz Forums 2000, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks.

Input passed to the "location" parameter in "/down.asp" isn't properly sanitised before being used in an HTTP header. This may allow execution of arbitrary HTML and script code in a user's browser session associated with an affected site.

This can also be exploited to perform web cache poisoning.

The vulnerability has been reported in version 3.4.04. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Maestro De-Seguridad

See http://forum.snitz.com/forum/topic.asp?TOPIC_ID=54791 for information and fix.

fyi - http://secunia.com/advisories/12590/

_________________
{VAS}-Kal-Corp Creator Of All things {VAS}


Posted: Wed Sep 29, 2004 8:40 am
Joined: Fri Jan 05, 2001 3:39 pm
Posts: 10041
Location: USA
quote: Originally posted by HuwR - Snitz Forums Admin

to fix this issue, simply remove the following line from down.asp (approx line 76)

if request.form("location") <> "" then response.redirect(request.form("location"))

it is not required.

_________________
{VAS}-Kal-Corp Creator Of All things {VAS}
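
Added example, not part of the thread and not Snitz code: where a form-driven redirect has to be kept instead of removed, the advisory's "ensure that input is properly sanitised" could be implemented in classic ASP as below. The helper name IsSafeLocalRedirect, the 512-character limit and the 400 response are assumptions made for this illustration.

```vbscript
' Added example (hypothetical helper, not from Snitz Forums 2000).
' Returns True only for a site-relative path that cannot terminate the
' Location header early or send the browser to another host.
Function IsSafeLocalRedirect(ByVal target)
    Dim i, code
    IsSafeLocalRedirect = False

    ' Empty or oversized values are never redirected (512 is an assumed limit).
    If Len(target) = 0 Or Len(target) > 512 Then Exit Function

    ' Reject CR, LF, NUL and every other control or non-ASCII character.
    ' A CR/LF inside the value is what splits the response.
    ' AscW is negative for high code points, so those are rejected as well.
    For i = 1 To Len(target)
        code = AscW(Mid(target, i, 1))
        If code < 32 Or code > 126 Then Exit Function
    Next

    ' Percent-encoded CR/LF could be decoded by a later layer; refuse it too.
    If InStr(1, target, "%0d", vbTextCompare) > 0 Then Exit Function
    If InStr(1, target, "%0a", vbTextCompare) > 0 Then Exit Function

    ' Site-relative paths only: no scheme (":"), no "//host", no backslash.
    ' This is deliberately strict and also refuses a ":" in a query string.
    If InStr(target, ":") > 0 Or InStr(target, "\") > 0 Then Exit Function
    If Left(target, 2) = "//" Then Exit Function

    IsSafeLocalRedirect = True
End Function

Dim loc
loc = Request.Form("location")
If loc <> "" Then
    If IsSafeLocalRedirect(loc) Then
        Response.Redirect loc
    Else
        ' Refuse the request instead of trying to repair the value.
        Response.Status = "400 Bad Request"
        Response.End
    End If
End If
```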


Posted: Wed Sep 29, 2004 4:28 pm
Joined: Tue May 11, 2004 5:15 am
Posts: 80
Location: United Kingdom
thanks for the heads up

_________________
www.kokrull.com

