VHCSXSS.txt

30 Nov 2005 | Reported by Moritz Naumann | Type: packetstorm | packetstormsecurity.com

Vulnerability in VHCS 2.x allowing HTTP Error Cross Site Scripting

Code
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
  
SA0006  
  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
+++++ VHCS 2.x HTTP Error Cross Site Scripting +++++  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
PUBLISHED ON  
Nov 22, 2005  
  
  
PUBLISHED AT  
http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt  
http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt.sig  
  
  
PUBLISHED BY  
Moritz Naumann IT Consulting & Services  
Hamburg, Germany  
http://moritz-naumann.com/  
  
SECURITY at MORITZ hyphon NAUMANN d0t COM  
GPG key: http://moritz-naumann.com/keys/0x277F060C.asc  
  
  
AFFECTED APPLICATION OR SERVICE  
VHCS  
http://www.vhcs.net/  
  
VHCS, the Virtual Hosting Control System, is a virtual  
hosting management application.  
  
  
  
AFFECTED VERSIONS  
Version 2.2.0 up to and including 2.4.6.2  
  
  
BACKGROUND  
Cross Site Scripting, also known as XSS or CSS, describes  
the injection of malicious content into output produced  
by a web application. A common attack vector is the  
inclusion of arbitrary client side script code into the  
application's output. Failure to completely sanitize user  
input from malicious content causes a web application  
to be vulnerable to Cross Site Scripting.  
  
http://en.wikipedia.org/wiki/XSS  
http://www.cgisecurity.net/articles/xss-faq.shtml  
  
  
ISSUE  
VHCS is subject to an XSS vulnerability in its HTTP error  
messages. This issue is caused by a lack of input sanitization  
in vhcs/gui/errordocs/index.php which returns unfiltered  
web server environment variables.  
  
Successful exploitation may allow for impersonation  
through session stealing attacks.  
  
The following URL demonstrates this issue:  
  
[vhcs_basedir]/dev/inputvalidation%3Cscript%3Ealert(window.location.hash)%3B%3C/script%3E#XSS  
  
  
WORKAROUND  
Client: Disable Javascript.  
Server: Prevent access to vulnerable file(s).  
  
  
SOLUTIONS  
Moritz Naumann IT Consulting & Services has crafted a  
unified diff patch against VHCS 2.4.6.2 which is available at  
http://moritz-naumann.com/adv/0006/vhcsxss/patch/index.php.diff  
  
VHCS developers may provide a fix in the 2.6 release. A release  
date is not currently set.  
  
  
TIMELINE  
Oct 06, 2005 Discovery  
Oct 06, 2005 Code maintainer notified  
Oct 06, 2005 Code maintainer replies  
Nov 22, 2005 Public disclosure  
  
  
REFERENCES  
N/A  
  
  
ADDITIONAL CREDIT  
N/A  
  
  
LICENSE  
Creative Commons Attribution-ShareAlike License Germany  
http://creativecommons.org/licenses/by-sa/2.0/de/  
  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.2 (GNU/Linux)  
  
iD8DBQFDg4l+n6GkvSd/BgwRAnhcAKCEfl0VO/XNXvL9ltSkJzWMBnsGxwCdE269  
2TBoq12ltOuH467cZqOUy1k=  
=IIUA  
-----END PGP SIGNATURE-----  
`
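
The fix the ISSUE section calls for, output-encoding web server environment values in an error document, shown as an added example that is neither VHCS code nor the advisory's patch. The function names and the choice of `REDIRECT_STATUS`, `REDIRECT_URL` and `REQUEST_URI` are assumptions, since the advisory does not name the variables involved.

```php
<?php
// Added example: a hypothetical error-document handler, not VHCS code.
// Assumption: the page reports Apache's REDIRECT_STATUS and REDIRECT_URL,
// which the server sets when it hands a failed request to an ErrorDocument.

/** Encode a server-supplied value for HTML text or a quoted attribute. */
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Resolve the status through a fixed allow-list instead of echoing it. */
function error_title(?string $status): string
{
    $titles = ['401' => 'Unauthorized', '403' => 'Forbidden',
               '404' => 'Not Found', '500' => 'Internal Server Error'];
    return $titles[$status ?? ''] ?? 'Error';
}

function render_error_page(array $server): string
{
    $title = h(error_title($server['REDIRECT_STATUS'] ?? null));
    $url = $server['REDIRECT_URL'] ?? ($server['REQUEST_URI'] ?? '');
    // Unfiltered form, as the advisory describes: '<p>' . $url . '</p>'
    // Hardened form: every environment value passes through h() on output.
    return "<!DOCTYPE html>\n<html><head><meta charset=\"utf-8\">"
        . "<title>{$title}</title></head><body>\n<h1>{$title}</h1>\n"
        . '<p>The requested URL ' . h($url) . " could not be served.</p>\n"
        . "</body></html>\n";
}

// Constructed input: the advisory's demonstration path after URL decoding.
$sample = [
    'REDIRECT_STATUS' => '404',
    'REDIRECT_URL' => '/dev/inputvalidation<script>alert(window.location.hash);</script>',
];
$html = render_error_page($sample);
if (strpos($html, '<script>') !== false) {
    throw new RuntimeException('markup from the request reached the page unencoded');
}
echo $html;
```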
