AOH :: HP Unsorted S :: BX1155.HTM

SiteScape Forum TCL injection



SiteScape Forum TCL injection
SiteScape Forum TCL injection



Hi,
I have following advisory for you.
niekt0@hysteria.sk 

SiteScape Forum TCL injection
===============================discovered by niekt0@hysteria.sk 

PRODUCT: SiteScape Forum

EXPOSURE: TCL injection

SYNOPSIS
=======By URL modification it is possible to insert TCL code into aplication.
Account on target server is not required.

PROOF OF CONCEPT
===============Make a http request in form of

hxxp://support.sitescape.com/forum/support/dispatch.cgi/0;command

You can now enter commands separated by semicolon
There are some restrictions, but exploitation is possible.

SEE ALSO
=======http://farsite.hill.af.mil/forums/area1/dispatch.cgi/_sdk/help/ 

WORKAROUND
=========Upgrade to latest version.

VENDOR RESPONSE
=============="We have developed, tested, and distributed a fix to our current customer
base via our support site. The patch is available here:

https://support.sitescape.com/forum/support/dispatch.cgi/support/docProfile/
176803/

This URL requires a login. Thank you for alerting us."

NOTICE
=====>From sitescape.com :

"SiteScape's flagship product, SiteScape Forum(R), ...
SiteScape collaborative solutions are currently implemented worldwide
in organizations including the US Navy, US Centers for Disease
Control, the European Space Agency, Lockheed Martin..."
;)

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.