SecurityTracker: Ecometry's SGDynamo Web Application Engine Allows Remote Users to Conduct Cross-Site Scripting Attacks

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Web Server/CGI) > SGDynamo

Vendors: Ecometry

Ecometry's SGDynamo Web Application Engine Allows Remote Users to Conduct Cross-Site Scripting Attacks

SecurityTracker Alert ID: 1004257

SecurityTracker URL: http://securitytracker.com/id/1004257

CVE Reference: CAN-2002-0375 (Links to External Site)

Updated: Jun 29 2004

Original Entry Date: May 9 2002

Impact: Disclosure of authentication information, Execution of arbitrary code via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Description: A vulnerability was reported in Ecometry's SGDynamo web application engine. A remote user can conduct cross-site scripting attacks against users of web sites running SGDynamo.

The 'sgdynamo.exe' script will display user-supplied data when a URL error is encountered. The data is displayed without being properly escaped.

This vulnerability was recently reported by frog-m@n on the following web site:

http://www.ifrance.com/kitetoua/tuto/5holes1.txt

In that post, frog-m@n indicated that the following type of URL could be used to cause the server to display the user-supplied script code:

http://[targethost]/sgdynamo.exe?HTNAME=<script>SCRIPT</script>

A remote user could create HTML containing malicious scripting that, when loaded by a target (victim) user, would cause the target user's browser to execute the scripting. The code would appear to originate from the web site running the Ecometry software and would run in the security context of that site. As a result, the code could access the target user's cookies associated with that web site.

[Editor's notes: Ecometry was formerly known as Smith-Gardner. Also, thanks to Krissy for her help on this, to Bryan @ Ecometry for his cooperation, and of course to frog-m@n who discovered the flaw. Finally, the vendor was very quick to fix this flaw once notified.]

Impact: A remote user could access another user's cookies associated with the site running 'sgdynamo.exe'.

Solution: The vendor has released a fix for versions 5.32T and above (5.32U, 6.1, 7.00). Customers should call their Ecometry Customer Support Rep in order to obtain the fixed code. Customers should reference Job # 181625-01 when requesting the code.

Cause: Input validation error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

Date: 17 Apr 2002 19:27:56 -0000
Subject: Smalls holes on 5 products #1




Products :
- THTTPD v2.20b
- Sgdynamo
- Myannuaire v1.0
- phpAnyvote v1.0
- DiSi-Poll 0.9.0

More details in french :
http://www.ifrance.com/kitetoua/tuto/5holes1.txt

translated by google :
http://translate.google.com/translate?u=http%3A%
2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%
2F5holes1.txt&langpair=fr%7Cen&hl=fr&prev=%
2Flanguage_tools

frog-m@n

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC