[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SiteScape Forum TCL injection
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: SiteScape Forum TCL injection
- From: "lolo lolo" <lolofon@xxxxxxxxx>
- Date: Thu, 20 Dec 2007 10:52:43 +0100
Hi,
I have following advisory for you.
niekt0@xxxxxxxxxxx
SiteScape Forum TCL injection
================================
discovered by niekt0@xxxxxxxxxxx
PRODUCT: SiteScape Forum
EXPOSURE: TCL injection
SYNOPSIS
========
By URL modification it is possible to insert TCL code into aplication.
Account on target server is not required.
PROOF OF CONCEPT
================
Make a http request in form of
hxxp://support.sitescape.com/forum/support/dispatch.cgi/0;command
You can now enter commands separated by semicolon
There are some restrictions, but exploitation is possible.
SEE ALSO
========
http://farsite.hill.af.mil/forums/area1/dispatch.cgi/_sdk/help/
WORKAROUND
==========
Upgrade to latest version.
VENDOR RESPONSE
===============
"We have developed, tested, and distributed a fix to our current customer
base via our support site. The patch is available here:
https://support.sitescape.com/forum/support/dispatch.cgi/support/docProfile/
176803/
This URL requires a login. Thank you for alerting us."
NOTICE
======
From sitescape.com :
"SiteScape's flagship product, SiteScape Forum(R), ...
SiteScape collaborative solutions are currently implemented worldwide
in organizations including the US Navy, US Centers for Disease
Control, the European Space Agency, Lockheed Martin..."
;)