The OpenNET Project
 


List Site Pro v2 user account hijacking vulnerability


Date: Sat, 25 Jan 2003 06:30:10 +0800
From: StatiX Statix <[email protected]>
To: [email protected]
Subject: List Site Pro v2 user account hijacking vulnerability

List Site Pro v2 user account hijacking vulnerability
Severity: Low
Homepage: http://www.listsitepro.com


It is possible to take over another user's account by signing up with a '|' character in one of the required fields.
List Site Pro uses '|' to delimit its database, but form input is not checked for '|' characters and they are not stripped.
So a user could sign up like this:
username:username
email:[email protected]
url:www.url.com
bannerurl:www.site.com/banner.gif ||password|1036360992|60|468
banner height:68
banner width:460
password:pass

This would take over the account 1036360992 and let the user log in with the password 'password'.
Since the user ID is displayed in the link of the topsite, an attacker could successfully log into whatever
account he chooses. The attacker could then change the link the banner points to, or anything else in the account.
This doesn't give the attacker admin access, but it gives him an opportunity to render the topsite useless.

I contacted the author(s) (http://www.listsitepro.com/) on 11-3-02 and again on 12-01-02. No response to either request.


StatiX
[email protected]
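
The missing input check described in the advisory, shown next to a checked write and an audit of stored lines. This is an added example, not List Site Pro's code: the field order, the function names and the sample record are assumptions, and only the bannerurl value is taken from the advisory.

```python
# Added illustration. The field order below is an assumption, not List Site Pro's real schema.
DELIM = "|"
FIELDS = ("userid", "username", "email", "url", "bannerurl",
          "height", "width", "password")

# Constructed sample sign-ups; the bannerurl in CRAFTED is the value quoted in the advisory.
CLEAN = {"userid": "1000000001", "username": "username", "email": "user@example.com",
         "url": "www.url.com", "bannerurl": "www.site.com/banner.gif",
         "height": "68", "width": "460", "password": "pass"}
CRAFTED = dict(CLEAN, bannerurl="www.site.com/banner.gif ||password|1036360992|60|468")


def serialize_unchecked(rec):
    """Write values exactly as submitted: a '|' inside a value becomes extra fields."""
    return DELIM.join(rec[f] for f in FIELDS)


def serialize_checked(rec):
    """Refuse any value containing the delimiter or a line break."""
    for name in FIELDS:
        if any(ch in rec[name] for ch in (DELIM, "\n", "\r")):
            raise ValueError(f"illegal character in field {name!r}")
    return DELIM.join(rec[f] for f in FIELDS)


def audit(lines):
    """Return 1-based numbers of stored lines whose field count is wrong."""
    return [n for n, line in enumerate(lines, 1)
            if len(line.rstrip("\r\n").split(DELIM)) != len(FIELDS)]


if __name__ == "__main__":
    stored = [serialize_unchecked(CLEAN), serialize_unchecked(CRAFTED)]
    print("suspect lines:", audit(stored))
    try:
        serialize_checked(CRAFTED)
    except ValueError as exc:
        print("rejected:", exc)
```

The audit only flags lines whose field count is off, so it is a check for existing data files; rejecting the delimiter at write time is the actual fix.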


