SiteScape Forum TCL injection

2007-12-21T00:00:00
ID SECURITYVULNS:DOC:18702
Type securityvulns
Reporter Securityvulns
Modified 2007-12-21T00:00:00

Description

Hi, I have following advisory for you. niekt0@hysteria.sk

SiteScape Forum TCL injection

discovered by niekt0@hysteria.sk

PRODUCT: SiteScape Forum

EXPOSURE: TCL injection

SYNOPSIS

By URL modification it is possible to insert TCL code into aplication. Account on target server is not required.

PROOF OF CONCEPT

Make a http request in form of

hxxp://support.sitescape.com/forum/support/dispatch.cgi/0;command

You can now enter commands separated by semicolon There are some restrictions, but exploitation is possible.

SEE ALSO

http://farsite.hill.af.mil/forums/area1/dispatch.cgi/_sdk/help/

WORKAROUND

Upgrade to latest version.

VENDOR RESPONSE

"We have developed, tested, and distributed a fix to our current customer base via our support site. The patch is available here:

https://support.sitescape.com/forum/support/dispatch.cgi/support/docProfile/ 176803/

This URL requires a login. Thank you for alerting us."

NOTICE

From sitescape.com :

"SiteScape's flagship product, SiteScape Forum(R), ... SiteScape collaborative solutions are currently implemented worldwide in organizations including the US Navy, US Centers for Disease Control, the European Space Agency, Lockheed Martin..." ;)