|
 |
|
MAXdev MD-Pro Cross-Site Scripting and File Upload Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA16731
|
|
|
Release Date:
|
2005-09-07
|
|
Last Update:
|
2005-10-31
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Cross Site Scripting
Exposure of system information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | MAXdev MD-Pro 1.x
|
| | CVE reference: | CVE-2005-2885 (Secunia mirror)
CVE-2005-2886 (Secunia mirror)
CVE-2005-2887 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
rgod has discovered some vulnerabilities in MAXdev MD-Pro, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and potentially compromise a vulnerable system.
1) The problem is that it is possible to upload files with an arbitrary file extension (except for files with the file extensions ".swf", ".jsp", ".php", ".php3", ".php4", ".phtml", ".pl", ".com", ".bat" and ".exe") via the "Downloads" section. This can e.g. be exploited to upload a malicious HTML document (".html"), which will be executed in a user's browser session in context of an affected site when the malicious document is viewed.
2) Certain input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Examples:
http://[host]/modules.php?op=modload&name=subjects&file=print&print=[code]
http://[host]/modules.php?op=modload&name=Messages&file=bb_smilies&sitename=[code]
http://[host]/modules.php?op=modload&name=Messages&file=bbcode_ref&sitename=[code]
http://[host]/javascript/openwindow.php?hlpfile=")[code]
It has also been reported that it is possible to disclose the full path to certain scripts by accessing them directly.
The vulnerabilities have been confirmed in version 1.0.73. Other versions may also be affected.
Solution:
Update to version 1.0.74.
http://www.maxdev.com/Downloads-index-req-viewdownload-cid-3.phtml
Provided and/or discovered by:
rgod
Changelog:
2005-09-23: Added CVE references.
2005-10-31: Updated "Solution" section.
Original Advisory:
http://rgod.altervista.org/maxdev1073.html
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
7 Related Secunia Security Advisories
|
|
|
1. MAXdev MD-Pro "topicid" SQL Injection
|
|
2. MAXdev MD-Pro Multiple SQL Injection Vulnerabilities
|
|
3. MAXdev MD-Pro Cross-Site Scripting and HTTP Response Splitting
|
|
4. MAXdev MD-Pro Cross-Site Scripting Vulnerability
|
|
5. MAXdev MD-Pro "topicid" SQL Injection Vulnerability
|
|
6. MAXdev MD-Pro ADOdb "server.php" Insecure Test Script Security Issue
|
|
7. MAXdev MD-Pro Multiple Vulnerabilities
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
