VHCSXSS.txt

30 Nov 2005 | Reported by Moritz Naumann | Type: packetstorm | Source: packetstormsecurity.com

Vulnerability in VHCS 2.x allowing HTTP Error Cross Site Scriptin


Code
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
  
SA0006  
  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
+++++ VHCS 2.x HTTP Error Cross Site Scripting +++++  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
PUBLISHED ON  
Nov 22, 2005  
  
  
PUBLISHED AT  
http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt  
http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt.sig  
  
  
PUBLISHED BY  
Moritz Naumann IT Consulting & Services  
Hamburg, Germany  
http://moritz-naumann.com/  
  
SECURITY at MORITZ hyphon NAUMANN d0t COM  
GPG key: http://moritz-naumann.com/keys/0x277F060C.asc  
  
  
AFFECTED APPLICATION OR SERVICE  
VHCS  
http://www.vhcs.net/  
  
VHCS, the Virtual Hosting Control System, is a virtual  
hosting management application.  
  
  
  
AFFECTED VERSIONS  
Version 2.2.0 up to and including 2.4.6.2  
  
  
BACKGROUND  
Cross Site Scripting, also known as XSS or CSS, describes  
the injection of malicious content into output produced  
by a web application. A common attack vector is the  
inclusion of arbitrary client side script code into the  
application's output. Failure to completely sanitize user  
input from malicious content causes a web application  
to be vulnerable to Cross Site Scripting.  
  
http://en.wikipedia.org/wiki/XSS  
http://www.cgisecurity.net/articles/xss-faq.shtml  
  
  
ISSUE  
VHCS is subject to an XSS vulnerability in its HTTP error  
messages. This issue is caused by a lack of input sanitization  
in vhcs/gui/errordocs/index.php, which returns unfiltered  
web server environment variables.  
  
Successful exploitation may allow for impersonation  
through session stealing attacks.  
  
The following URL demonstrates this issue:  
  
[vhcs_basedir]/dev/inputvalidation%3Cscript%3Ealert(window.location.hash)%3B%3C/script%3E#XSS  
  
  
WORKAROUND  
Client: Disable Javascript.  
Server: Prevent access to vulnerable file(s).  
  
  
SOLUTIONS  
Moritz Naumann IT Consulting & Services has crafted a  
unified diff patch against VHCS 2.4.6.2 which is available at  
http://moritz-naumann.com/adv/0006/vhcsxss/patch/index.php.diff  
  
VHCS developers may provide a fix in the 2.6 release. A release  
date is not currently set.  
  
  
TIMELINE  
Oct 06, 2005 Discovery  
Oct 06, 2005 Code maintainer notified  
Oct 06, 2005 Code maintainer replies  
Nov 22, 2005 Public disclosure  
  
  
REFERENCES  
N/A  
  
  
ADDITIONAL CREDIT  
N/A  
  
  
LICENSE  
Creative Commons Attribution-ShareAlike License Germany  
http://creativecommons.org/licenses/by-sa/2.0/de/  
  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.2 (GNU/Linux)  
  
iD8DBQFDg4l+n6GkvSd/BgwRAnhcAKCEfl0VO/XNXvL9ltSkJzWMBnsGxwCdE269  
2TBoq12ltOuH467cZqOUy1k=  
=IIUA  
-----END PGP SIGNATURE-----  
`
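
The class of bug described under ISSUE, shown as an added example that is not VHCS source code and not the advisory author's patch: an error document that echoes server environment variables unfiltered, next to a version that HTML-encodes them on output. The function names and the choice of `REDIRECT_STATUS` and `REDIRECT_URL` (set by Apache for ErrorDocument handlers) are assumptions; the advisory does not say which variables index.php prints.

```php
<?php
declare(strict_types=1);

// Hypothetical error document handler, written for illustration only.
// Assumption: the page prints the status and the requested path that the
// web server hands over in its environment ($_SERVER-style array).

/** Unfiltered: request-derived values are concatenated into HTML as-is. */
function render_error_unfiltered(array $server): string
{
    $status = $server['REDIRECT_STATUS'] ?? '500';
    $url    = $server['REDIRECT_URL'] ?? '';
    return "<h1>Error {$status}</h1>\n<p>The URL {$url} could not be served.</p>\n";
}

/** Encode one value for use as HTML element content or attribute value. */
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened: status is forced to an integer, the path is HTML-encoded. */
function render_error_encoded(array $server): string
{
    $status = (int) ($server['REDIRECT_STATUS'] ?? 500);
    $url    = html_encode((string) ($server['REDIRECT_URL'] ?? ''));
    return "<h1>Error {$status}</h1>\n<p>The URL {$url} could not be served.</p>\n";
}

// Constructed environment: the decoded path from the advisory's demonstration URL.
$server = [
    'REDIRECT_STATUS' => '404',
    'REDIRECT_URL'    => '/dev/inputvalidation<script>alert(window.location.hash);</script>',
];

$unfiltered = render_error_unfiltered($server);
$encoded    = render_error_encoded($server);

// Check each rendering for a raw <script> tag and for its encoded form.
var_dump(strpos($unfiltered, '<script>') !== false);
var_dump(strpos($encoded, '<script>') !== false);
var_dump(strpos($encoded, '&lt;script&gt;') !== false);
```

Encoding at the point of output covers every variable the page prints, which matters here because the advisory attributes the issue to environment variables in general rather than to a single field.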
