gwextranet-multi.txt

`[HSC] GWExtranet Script Injections & Privilege Escalation Vulnerability  
  
Attackers may exploit this issue via a web client. An attacker may leverage  
this  
issue to have arbitrary script code execute in the browser of an  
unsuspecting user  
in the context of the affected site. This may help the attacker steal  
cookie-based  
authentication credentials and launch other attacks. A successful exploit  
could  
allow an attacker to compromise the application by defacing by evil code  
injection.  
  
  
  
  
Hackers Center Security Group (http://www.hackerscenter.com)  
Credit: Doz  
  
  
Risk: Medium  
Class: Input Validation Error in scp.dll  
  
  
Vendor: http://www.messagingarchitects.com  
Product: Messaging Architects GWExtranet  
Version: 3.0  
  
* Attackers can exploit these issues via a web client.  
  
  
Privilege Escalation:  
  
Attackers can use privilege escalation combined with Java script to deface  
with simple injection on the New Event posting board even when "Compose" is  
off for  
public.  
  
/gwextranet/scp.dll/compose?user=ID  
  
  
  
  
  
Other Vuln Urls:  
  
/GWExtranet/scp.dll/frmonth?filter=<Evil Script>  
/GWExtranet/scp.dll/frmonth?user=<Evil Script>  
/GWExtranet/scp.dll/frmonth?month=<Evil Script>  
/gwextranet/scp.dll/?user=USERID&template=<Evil Script>  
  
URL EXAMPLE:  
  
Victim.com/Gwextranet/scp.dll/send?user=[USER_ID]&Item.to=[SCRIPT]&Item.cc=[SCRIPT]&Item.location=[SCRIPT]&Calendar.queryMonth=11&Calendar.queryDay=24&Calendar.queryYear=2007&Calendar.queryTime=11%3A00&Calendar.queryAM=1&Calendar.queryDuration=1&Calendar.queryDurationType=3&Item.subject=[SCRIPT]&Item.message=[SCRIPT]&Compose.Send.x=45&Compose.Send.y=6  
  
  
Google: GWExtranet calendar  
  
  
Only becoming a Ethical Hacker, you can stop Black Hat Hackers. Learn with  
out  
having to pay thousands!- http://kit.hackerscenter.com - The most  
comprehensive  
security pack you will ever find on the net!  
`