Secunia

Multiple vulnerabilities have been identified in MaxWebPortal allowing malicious people to conduct Cross Site Scripting, retrieve the database, SPAM and reset passwords.

One problem is that search strings aren't properly verified in"search.asp" allowing malicious people to conduct Cross Site Scripting using strings like:
"><script>evil_script</script>

Another problem is that basic security in MaxWebPortal depends on the use of hidden fields. This allows malicious users to save the HTML pages, alter the values in the hidden fields, thereby gaining access to functionality that was intended only for the administrator.

An example is to set the "news" parameters value to "1" when posting. This will place the posting on the front page as news.
Another example is the "allmem" parameter, if this is set to "true" then all members will receive an email. This could be exploited to SPAM the users.

The third problem is that the database by default is located in "/database/db2000.mdb". The documentation does, however, recommend that the name and path be changed.

The fourth problem is that it is possible to reset the password for arbitrary accounts. By requesting the password to be reset, then saving the page and editing the member id, and then submitting from the altered page, the password has been reset for that member id. This allows malicious users to get access as any user including the administrator.

This has been reported to affect version 1.30 and possibly earlier.

Solution
It has been reported that a patch is available. Contact MaxWebPortal for more information.

Provided and/or discovered by
JeiAr of GulfTech Computers

Deep Links
Links available in Customer Area