|
MaxWebPortal Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA8979
|
|
|
Release Date:
|
2003-06-10
|
|
Popularity:
|
6,275 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
Exposure of sensitive information
Privilege escalation
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | MaxWebPortal 1.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Multiple vulnerabilities have been identified in MaxWebPortal allowing malicious people to conduct Cross Site Scripting, retrieve the database, SPAM and reset passwords.
One problem is that search strings aren't properly verified in"search.asp" allowing malicious people to conduct Cross Site Scripting using strings like:
"><script>evil_script</script>
Another problem is that basic security in MaxWebPortal depends on the use of hidden fields. This allows malicious users to save the HTML pages, alter the values in the hidden fields, thereby gaining access to functionality that was intended only for the administrator.
An example is to set the "news" parameters value to "1" when posting. This will place the posting on the front page as news.
Another example is the "allmem" parameter, if this is set to "true" then all members will receive an email. This could be exploited to SPAM the users.
The third problem is that the database by default is located in "/database/db2000.mdb". The documentation does, however, recommend that the name and path be changed.
The fourth problem is that it is possible to reset the password for arbitrary accounts. By requesting the password to be reset, then saving the page and editing the member id, and then submitting from the altered page, the password has been reset for that member id. This allows malicious users to get access as any user including the administrator.
This has been reported to affect version 1.30 and possibly earlier.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
