Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: PHP :: 0005_ap.txt

Owl Intranet Engine (PHP) XSS




                  - -- ------------------------- -- -
[>(]                 AngryPacket Security Advisory                 [>(]
                  - -- ------------------------- -- -

+--------------------- -- -
+ advisory information
+------------------ -- -
author:       methodic <methodic@libpcap.net>
release date: 05/21/2003
homepage:     http://sec.angrypacket.com
advisory id:  0x0005

+-------------------- -- -
+ product information
+----------------- -- -
software:     Owl Intranet Engine
vendor:       Chris Vincent
homepage:     http://owl.sourceforge.net
description:
     "Owl is a multi user document repository (knowledgebase) system written
      in PHP4 for publishing of files/documents onto the web for a corporation,
      small buisness, group of people, or just for yourself."

+---------------------- -- -
+ vulnerability details
+------------------- -- -
problem:      Cross-Site Scripting
affected:     Owl 0.71 and previous versions
explaination: Owl doesn't properly filter metacharacters, allowing injection
              of JavaScript code. Since Owl doesn't assign cookies, and since
              the JavaScript code is placed before the form tag, you need to
              reference the first link in order to steal someone's session id.
risk:         Medium
status:       Vendor was notified 05/18/03, fix is available.
exploit:      Type the following into the 'Search' field:
              <script>alert(document.links[0].href);</script>
fix:          Upgrade to a newer version of Owl

+-------- -- -
+ credits
+----- -- -
Bug was found by methodic of AngryPacket security group.
gr33tz to victim1.. see j00 in KCMO!@#

+----------- -- -
+ disclaimer
+-------- -- -
The contents of this advisory are Copyright (c) 2003 AngryPacket
Security, and may be distributed freely provided that no fee is charged
for distribution and that proper credit is given. As such, AngryPacket
Security group, collectively or individually, shall not be held liable
or responsible for the misuse of any information contained herein.

                  - -- ------------------------- -- -
[>(]                 AngryPacket Security Advisory                 [>(]
                  - -- ------------------------- -- -


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH