ASPapp Products Code Injection

2003-12-18T00:00:00
ID OSVDB:3127
Type osvdb
Reporter OSVDB
Modified 2003-12-18T00:00:00

Description

Vulnerability Description

IntranetApp, PortalApp and ProjectApp all contain a flaw that may allow a malicious user to inject code to be executed by a user or admin. The issue is triggered by injecting a script into a field normally used for a link or text. It is possible that the flaw may allow the execution of arbitrary code resulting in a loss of confidentiality, integrity, and/or availability.

Technical Description

There are at least three vulnerable ASP files: forums.asp, submit.asp and upd_user.asp.

forums.asp allows a malicious user to post a script into the title and message form fields. As messages are posted to the main page of the website, all users can be affected.

submit.asp allows a malicious user to submit a script instead of an expected link. The admin is affected when this submission is reviewed.

The profile section also contains multiple vulnerabilities. Scripts injected into the profile update form via upd_user.asp are executed when the affected profile is viewed by user_public.asp. The vulnerable form fields are: First Name, Last Name, and Country.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. The vendor has committed to releasing a patch.

Short Description

IntranetApp, PortalApp and ProjectApp all contain a flaw that may allow a malicious user to inject code to be executed by a user or admin. The issue is triggered by injecting a script into a field normally used for a link or text. It is possible that the flaw may allow the execution of arbitrary code resulting in a loss of confidentiality, integrity, and/or availability.

References:

Vendor URL: http://www.aspapp.com/apps/products.asp?catid=66&prodid=portalapp Secunia Advisory ID:10465 Generic Informational URL: http://www.gulftech.org/12182003.php