Secunia SmallBusiness
Overview
Advisories
Research
Forums
Create Profile
Our Commitment
About the Team
Disclosure Policy
SVCRP

Secunia Research: BRS WebWeaver Error Page Cross-Site Scripting Vulnerability

 
====================================================================== 

                      Secunia Research 26/06/2003 

   - BRS WebWeaver Error Page Cross-Site Scripting Vulnerability - 

====================================================================== 
Receive Secunia Security Advisories for free: 
http://www.secunia.com/secunia_security_advisories/

====================================================================== 
Table of Contents 
1....................................................Affected Software 
2.............................................................Severity 
3.....................................Vendor's Description of Software 
4.........................................Description of Vulnerability 
5.............................................................Solution 
6...........................................................Time Table 
7..............................................................Credits 
8........................................................About Secunia 
9.........................................................Verification 

====================================================================== 
1) Affected Software 

BRS WebWeaver 1.0.4 
BRS WebWeaver 1.0.3 

NOTE: Prior versions have not been tested but may also be vulnerable. 

====================================================================== 
2) Severity 

Rating:  Less critical 
Impact:  Cross-Site Scripting 
Where:   From Remote 

====================================================================== 
3) Vendor's Description of Software 

"BRS WebWeaver is a free personal web server that run on the Windows
platform. Even with it's small size ( ~375 KB ) and low memory
requirements (~4 MB) it provides lots of functionality at speeds that
will impress you." 

Vendor: 
http://www.brswebweaver.com

====================================================================== 
4) Description of Vulnerability 

A vulnerability has been identified in BRS WebWeaver, which can be
exploited by malicious people to conduct Cross-Site Scripting attacks
against visitors. 

The vulnerability is caused due to a lack of input validation, since 
the name of a resource requested by a user is included in certain 
error pages without prior sanitation. 

A malicious person can exploit this by constructing a link, which
includes arbitrary script code. If a user is tricked into clicking 
the link or visit a malicious website, the script code will be 
executed in the user's browser session. 

Successful exploitation may result in disclosure of various 
information (e.g. cookie-based authentication information) 
associated with the site running BRS WebWeaver, or inclusion of
malicious content, which the user thinks is part of the real website. 

Example exploiting a "404 Not Found" error page: 
http://[victim]/<script>alert(document.domain)</script> 

Example exploiting a "403 Access Denied": 
http://[victim]/<script>alert(document.domain)</script>AAA..[196]..AAA

====================================================================== 
5) Solution 

Update to version 1.05: 
http://www.brswebweaver.com/modules.php?op=modload&name=News&file=article&sid=2
====================================================================== 
6) Time Table 

26/04/2003 - Vulnerability discovered. 
29/04/2003 - Vendor notified (info@brswebweaver.com). 
07/05/2003 - Vendor notified again. 
07/05/2003 - Vendor reply. 
03/06/2003 - Vendor releases v1.05 BETA. 
24/06/2003 - Vendor releases v1.05. 
26/06/2003 - Public disclosure. 

====================================================================== 
7) Credits 

Discovered by Carsten Eiram, Secunia Research. 

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://www.secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://www.secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website: 
http://www.secunia.com/secunia_research/2003-6/
======================================================================


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom
 
© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability