List Site PRO Allows Remote Users to Hijack User Accounts
SecurityTracker Alert ID: 1006004
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jan 29 2003
Impact: Modification of authentication information, Modification of user information, User access via network
Exploit Included: Yes
Version(s): 2
Description: A vulnerability was reported in List Site PRO. A remote user can gain access to a target user's account.
It is reported that a remote user can submit specially crafted data when signing up for a user account to gain access to a target user's account.
The application reportedly stores its records in a flat-file database that uses the pipe character '|' to delimit fields, and it does not filter that character from user-supplied input. A remote user could submit the following type of text in the 'bannerurl:' field:
[anysite]/banner.gif ||password|1036360992|60|468
According to the report, this would allow the remote user to log in to account 1036360992 with the password 'password'. User ID numbers are exposed in the links on the topsite, so any account can be targeted. The report notes that this does not grant administrative access, but it lets the attacker change the targeted account's banner link or any other account data.
The vendor has reportedly been notified.
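The mechanism described above, as an added example that is not code from List Site PRO or from the advisory: a minimal pipe-delimited user store in Python. The field order in SCHEMA is an assumption chosen so that the report's payload lands on the password and id fields; the advisory does not give the application's real record layout, and the helper names, the victim record and the attacker's assigned id are constructed for the demonstration. The vulnerable write-and-read path is shown beside a hardened one that rejects delimiter characters on input and refuses rows with the wrong field count on read.

```python
import re

# Assumed record layout for a pipe-delimited flat-file user store.
# This field order is a hypothesis for illustration only; the advisory does
# not document List Site PRO's real layout.
SCHEMA = ["username", "email", "url", "bannerurl", "hits",
          "password", "id", "height", "width"]
DELIM = "|"

# Signup form values taken from the report, plus a constructed victim record.
ATTACKER_FORM = {
    "username": "username", "email": "email@emial.com", "url": "www.url.com",
    "bannerurl": "www.site.com/banner.gif ||password|1036360992|60|468",
    "height": "68", "width": "460", "password": "pass",
}
VICTIM_FORM = {
    "username": "victim", "email": "victim@example.com", "url": "www.example.com",
    "bannerurl": "www.example.com/banner.gif",
    "height": "60", "width": "468", "password": "s3cret",
}


def serialize_naive(rec):
    """Vulnerable: joins field values with '|' without checking them."""
    return DELIM.join(str(rec[k]) for k in SCHEMA)


def parse_lax(line):
    """Vulnerable: positional split that silently drops surplus fields."""
    return dict(zip(SCHEMA, line.rstrip("\n").split(DELIM)))


def signup_naive(db, form, new_id):
    """Server assigns hits and id, then appends the row (vulnerable path)."""
    rec = dict(form, hits=0, id=new_id)
    db.append(serialize_naive(rec))


def login_lax(db, user_id, password):
    """Returns the first row whose parsed id and password both match."""
    for line in db:
        rec = parse_lax(line)
        if rec["id"] == user_id and rec["password"] == password:
            return rec
    return None


# --- hardened path ---------------------------------------------------------
FORBIDDEN = re.compile(r"[|\r\n]")  # field delimiter and record separators


def validate_field(name, value):
    """Reject any value that could change the row layout."""
    value = str(value)
    if FORBIDDEN.search(value):
        raise ValueError(f"field {name!r} contains a delimiter or newline")
    return value


def serialize_strict(rec):
    return DELIM.join(validate_field(k, rec[k]) for k in SCHEMA)


def parse_strict(line):
    """Refuse rows that do not have exactly the schema's field count."""
    fields = line.rstrip("\n").split(DELIM)
    if len(fields) != len(SCHEMA):
        raise ValueError(f"malformed row: {len(fields)} fields, expected {len(SCHEMA)}")
    return dict(zip(SCHEMA, fields))


def demo():
    """Run the hijack against the naive store, then show both hardened checks."""
    db = []
    signup_naive(db, VICTIM_FORM, "1036360992")    # victim registered earlier
    signup_naive(db, ATTACKER_FORM, "1043000000")  # attacker's own (assumed) id
    hijacked = login_lax(db, "1036360992", "password")
    victim_still_ok = login_lax(db, "1036360992", "s3cret")

    try:
        serialize_strict(dict(ATTACKER_FORM, hits=0, id="1043000000"))
        rejected_on_write = False
    except ValueError:
        rejected_on_write = True
    try:
        parse_strict(db[1])  # the poisoned row, as the naive path stored it
        rejected_on_read = False
    except ValueError:
        rejected_on_read = True

    return {
        "hijacked_id": hijacked["id"] if hijacked else None,
        "hijacked_row_belongs_to": hijacked["username"] if hijacked else None,
        "victim_login_still_works": victim_still_ok is not None,
        "rejected_on_write": rejected_on_write,
        "rejected_on_read": rejected_on_read,
    }


if __name__ == "__main__":
    print(demo())
```

Under the assumed layout the attacker's row parses with password 'password' and id 1036360992, so a lookup by id and password returns the attacker's row for the victim's id; the server-assigned id and the attacker's real password are pushed into surplus fields that the lax reader ignores. Rejecting the delimiter on write (rather than silently stripping it) and enforcing the field count on read close both ends; a format with proper quoting or a real database avoids the class entirely.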
Impact: A remote user can gain access to a target user's account.
Solution: No solution was available at the time of this entry.
Vendor URL: www.listsitepro.com/
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any)
Reported By: "StatiX Statix" <mail_statix@linuxmail.org>
Message History:
None.
Source Message Contents
Date: Sat, 25 Jan 2003 06:30:10 +0800
From: "StatiX Statix" <mail_statix@linuxmail.org>
Subject: List Site Pro v2 user account Hijacking vulnerability
List Site Pro v2 user account Hijacking vulnerability
Severity: Low
homepage: http://www.listsitepro.com
It is possible to take over another user account by signing up and using | in one of the required fields.
List Site Pro uses '|' to delimit the database but the form input is not checked and stripped of them.
So a user could sign up like this
username:username
email:email@emial.com
url:www.url.com
bannerurl:www.site.com/banner.gif ||password|1036360992|60|468
banner height:68
banner width:460
password:pass
this would take over the account 1036360992 and let the user log in with the password 'password'
Since the user id is displayed in the link of the topsite, an attacker could successfully log into whatever
account he chooses to. Then the attacker could change the link the banner points to, or anything else in the account.
This doesn't give the attacker admin access. But it gives him an opportunity to render the topsite useless.
I contacted the author(s) (http://www.listsitepro.com/) on 11-3-02 and again 12-01-02. no response from either request.
StatiX
mail_statix@linuxmail.org