Sambar Server rename.stm Multiple Variable XSS

2003-03-27T00:00:00
ID OSVDB:5814
Type osvdb
Reporter Gregory Le Bras(gregory.lebras@security-corporation.com)
Modified 2003-03-27T00:00:00

Description

Vulnerability Description

Sambar Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate path and name variables upon submission to the rename.stm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 6.0 beta 1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Sambar Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate path and name variables upon submission to the rename.stm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/sysuser/docmgr/rename.stm?path=[hostile_code]

http://[victim]/sysuser/docmgr/rename.stm?name=[hostile_code

References:

Vendor URL: http://www.sambar.com/security.htm Security Tracker: 1006390 Secunia Advisory ID:8434 Other Advisory URL: http://www.security-corporation.com/advisories-012.html Nessus Plugin ID:11492 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2003-q1/1190.html ISS X-Force ID: 11634 Bugtraq ID: 7209