Home / vulnerabilitiesPDF  

TISA2007-04-Public.txt

Posted on 08 August 2007
Source : packetstormsecurity.org Link

 


=========================================================================
TeamIntell Security Advisory TISA2007-04-Public
-------------------------------------------------------------------------
DVD Rental System multiple XSS and CSRF vulnerabilities
=========================================================================


Release Date: 02.08.2007
Severity: Less critical
Impact: Cross Site Scripting (XSS)
Cross Site Request Forgery (CSRF)
Status: Official patch available
Software: DVD Rental System 5.1 (DRS)
Vendor: http://www.dvdrentalsystem.com/
Disclosed: Edi Strosar (TeamIntell)


Description:
============

DRS, an online DVD rental application, is vulnerable to
multiple XSS and CSRF attacks. Proof of concept will not
be publicly released.


Details:
========

TeamIntell discovered multiple vulnerabilities in online
DVD Rental System, which can be exploited by malicious
users to conduct cross-site scripting[1] and cross-site
request forgery[2] attacks:

[1] DRS does not properly sanitize users supplied data
before sending it to clients. This can be exploited to
execute arbitrary HTML and script code in a user's browser
session in context of an affected site.

[2] The script index.php allows users to perform certain
actions via HTTP requests without performing validity
checks to verify the request. This can be exploited to
modify users's data or cancel subscription permanently.

Note: in some cases CSRF attacks could be site specific.
TeamIntell developed working PoC that affects users of one
among DVD Rental System's business partners.

The vulnerabilities are confirmed in DVD Rental System
version 5.1. Other versions may be affected.


Solution:
=========

Vendor has reported that the DVD Rental System scripts are
updated and patched. Customers should contact the vendor
for details.


References:
===========

http://en.wikipedia.org/wiki/XSS
http://en.wikipedia.org/wiki/Cross-site_request_forgery


Timeline:
=========

20.07.2007 - vulnerabilities discovered
21.07.2007 - vendor informed
01.08.2007 - vendor reports that the scripts are updated
and patched
02.08.2007 - public disclosure


Contact:
========

Maldin d.o.o.
Trzaska cesta 2
1000 Ljubljana - SI

tel: +386 (0)590 70 170
fax: +386 (0)590 70 177
gsm: +386 (0)31 816 400
web: www.teamintell.com
e-mail: info@teamintell.com


Disclaimer:
===========

The content of this report is purely informational and
meant for educational purposes only. Maldin d.o.o. shall
in no event be liable for any damage whatsoever, direct or
implied, arising from use or spread of this information.
Any use of information in this advisory is entirely at
user's own risk.

=========================================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 

TOP