Bugtraq mailing list archives

Another Faq-O-Matic XSS Vuln?


From: "BrainRawt ." <brainrawt () hotmail com>
Date: Fri, 19 Apr 2002 23:03:49 +0000

Another Faq-O-Matic XSS Vuln?
-----------------------------

I have seen other XSS advisories on bugtraq and securityfocus for Faq-O-Matic,
but I have not seen an advisory for this particular vulnerability.

Faq-O-Matic XSS (cross site scripting) Vulnerability
Discovered By BrainRawt (http://rawt.daemon.sh)


About Faq-O-Matic:
------------------
The Faq-O-Matic is a CGI-based system that automates the process of
maintaining a FAQ (or Frequently Asked Questions list). It allows visitors to
your FAQ to take part in keeping it up-to-date.  Faq-O-Matic can be downloaded @
http://sourceforge.net/projects/faqomatic


Vulnerable (tested) Versions:
--------------------
Faq-O-Matic 2.712
Faq-O-Matic 2.711

Vendor Contact:
----------------
4-19-02 - An email was sent to jonhowell at users.sourceforge.net discussing
          this issue.

4-19-02 - An email was received from Jon Howell claiming that this
          vulnerability and others have been fixed in the current CVS tree,
          which hasn't been released yet.

NOTE: Jon seems like a great guy and as you can see by the date, replied to my
      email VERY quickly. Thanks a lot Jon for your quick reply and I hope to
      see that new CVS tree released soon.


Vulnerability:
----------------
Faq-O-Matic's fom.cgi improperly filters "file" which can be changed by visitors
to the site.  If the "file" doesn't exist, the script prints it to the html.
A malicious visitor to this website can change "file" from its original call
and insert javascript into the site. This vulnerability can be used for various
reasons from website redirection to cookie theft.

Exploit (POC):
----------------
http://www.target.net/path_to_Faq-O-Matic/fom?file=<script>alert('If+this+script
+was+modified,+it+could+easily+steal+amigadev.net+cookies+and+log+them+to+a+remote
+location')</script>&step

--------------------------------------------------------------------------
Which Looks Better? BlackHat or White?  You Decide! - BrainRawt
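
Added example, not part of the original post and not Faq-O-Matic's own (Perl) code: a small Python model of the flaw described above, where a "file" name that does not exist is echoed into the error page, next to two corrected handlers. The item names, the error text, and the allow-list pattern are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Assumed allow-list for item names; the post does not give the real naming rules.
ITEM_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")
KNOWN_ITEMS = {"1", "2", "trash"}  # constructed stand-in for the FAQ's item files


def requested_file(query_string):
    """Return the URL-decoded 'file' parameter, or '' when it is absent."""
    return parse_qs(query_string, keep_blank_values=True).get("file", [""])[0]


def error_page_unsafe(query_string):
    """Models the reported behaviour: an unknown name is copied into the HTML as-is."""
    name = requested_file(query_string)
    if name in KNOWN_ITEMS:
        return "<p>Showing item %s</p>" % name
    return "<p>No such item: %s</p>" % name


def error_page_escaped(query_string):
    """Output-encoding fix: the name is HTML-escaped before it is echoed."""
    name = requested_file(query_string)
    if name in KNOWN_ITEMS:
        return "<p>Showing item %s</p>" % html.escape(name, quote=True)
    return "<p>No such item: %s</p>" % html.escape(name, quote=True)


def error_page_strict(query_string):
    """Defence in depth: reject names outside the allow-list and never echo them."""
    name = requested_file(query_string)
    if not ITEM_NAME.fullmatch(name):
        return "<p>Invalid file name.</p>"
    if name in KNOWN_ITEMS:
        return "<p>Showing item %s</p>" % html.escape(name, quote=True)
    return "<p>No such item: %s</p>" % html.escape(name, quote=True)


# Constructed query string shaped like the PoC in the post ('+' decodes to a space).
SAMPLE = "file=<script>alert('x+y')</script>&step"

if __name__ == "__main__":
    for handler in (error_page_unsafe, error_page_escaped, error_page_strict):
        print("%-20s %s" % (handler.__name__, handler(SAMPLE)))
```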
