Snitz Forums 2000
 HTTP Response Splitting Vulnerability

pdrg
Support Moderator

United Kingdom
2897 Posts

Posted - 20 September 2004 : 06:13:44
fyi - http://secunia.com/advisories/12590/

--------------------

TITLE:
Snitz Forums 2000 HTTP Response Splitting Vulnerability

SECUNIA ADVISORY ID:
SA12590

VERIFY ADVISORY:
http://secunia.com/advisories/12590/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Snitz Forums 2000 3.4.x
http://secunia.com/product/1483/

DESCRIPTION:
Maestro has reported a vulnerability in Snitz Forums 2000, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks.

Input passed to the "location" parameter in "/down.asp" isn't properly sanitised before being used in a HTTP header. This may allow execution of arbitrary HTML and script code in a user's browser session associated with an affected site.

This can also be exploited to perform web cache poisoning.

The vulnerability has been reported in version 3.4.04. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Maestro De-Seguridad

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 20 September 2004 : 06:42:44
to fix this issue, simply remove the following line from down.asp (approx line 76)

if request.form("location") <> "" then response.redirect(request.form("location"))

it is not required.
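An added illustration, not part of the thread and not Snitz code: the Python sketch below shows why a CR/LF sequence copied into a `Location` header is parsed as an extra header line, and one way to validate a redirect target where a redirect parameter has to be kept. The sample value, the `X-Injected` header name and the `/` fallback are constructed assumptions.

```python
from urllib.parse import unquote, urlsplit

# Constructed sample input: a path followed by CR/LF and a harmless marker header.
SAMPLE = "/forum.asp\r\nX-Injected: 1"

def build_redirect(location: str) -> bytes:
    """Unchecked redirect: copies the value straight into the Location header,
    the behaviour the advisory describes for the "location" parameter."""
    return ("HTTP/1.1 302 Found\r\nLocation: " + location + "\r\n\r\n").encode("latin-1")

def header_lines(raw: bytes) -> list:
    """Status and header lines as a browser or cache would split them."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return head.decode("latin-1").split("\r\n")

def safe_redirect_target(location: str, default: str = "/") -> str:
    """Return location only if it is a same-site path free of control characters.

    The value is checked both as received and after URL-decoding, so an
    encoded %0d%0a is rejected as well. Anything else falls back to default.
    """
    for value in (location, unquote(location)):
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
            return default
    parts = urlsplit(location)
    if parts.scheme or parts.netloc:
        return default            # absolute or protocol-relative URL
    if not location.startswith("/") or location.startswith("//") or "\\" in location:
        return default            # not a plain site-local path
    return location

if __name__ == "__main__":
    print(header_lines(build_redirect(SAMPLE)))   # the marker shows up as its own header
    print(safe_redirect_target(SAMPLE))           # falls back to "/"
```
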

spyordie007
Junior Member

USA
408 Posts

Posted - 20 September 2004 : 19:44:27
TYVM for posting this.

Power - The only narcotic controlled by the SEC, not the FDA.

Prosperity without pollution! The American Hydrogen Association - http://www.ahanw.org
Questions about Hydrogen? Post them on our forum - http://www.ahanw.org/forum

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 20 September 2004 : 19:50:05
I'm going to package up a new version (v3.4.05) probably end of this week, or this weekend that will include this fix, plus the other Security Fix that was released since we released v3.4.04. It will also include the few other bug fixes that are listed in this forum.

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 20 September 2004 : 19:56:32
Huw,

We can also just delete this line too, right? (approx line 105)

" <input type=""hidden"" value=""" & request("target") & """ name=""location"">" & vbNewLine & _

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 21 September 2004 : 03:16:19
yes I would think so.

Mr Pink
Junior Member

United Kingdom
387 Posts

Posted - 23 September 2004 : 14:09:17
Is the security bug fix mailing list still in operation?

Martin
Leyland Forum Leyland Lancashire UK

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 23 September 2004 : 14:16:21
e-mail just went out...

nickw
Junior Member

Ireland
193 Posts

Posted - 23 September 2004 : 15:13:39
Thanks for the email :)

Patching up now.

Nick

Grandmaster
Starting Member

Brazil
46 Posts

Posted - 28 September 2004 : 21:51:19
Richard, any idea when this new version with the corrections will be out?

--
Renato "Grandmaster"
CobiT Foundation 4.1 Certified ID: 90391725
http://www.renato.henriques.nom.br

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 29 September 2004 : 00:50:15
hopefully tomorrow (Wednesday)