List Site Pro v2 user account Hijacking vulnerablity

2007.10.16
Credit: StatiX Statix
Risk: Low
Local: Yes
Remote: Yes
CWE: N/A


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

List Site Pro v2 user account Hijacking vulnerablity Severity:Low homepage:http://www.listsitepro.com It is possible to take over another user account by signing up and using | in one of the required feilds. List Site Pro uses '|' to delimit the database but the form input is not checked and stripped of them. So a user could sign up like this username:username email:email (at) emial (dot) com [email concealed] url:www.url.com bannerurl:www.site.com/banner.gif ||password|1036360992|60|468 banner height:68 banner width:460 password:pass this would take over the account 1036360992 and let the user log in with the password 'password' Since the user id is displayed in teh link of the topsite, an attacker could successfully log into whatever account he chooses to. Then the attacker could change the link the banner points to, or any thing else in the account. This doesn't give the attacker admin access. But it gives him an opportunity to render the topsite useless. I contacted the author(s) (http://www.listsitepro.com/) on 11-3-02 and again 12-01-02. no response from either request. StatiX mail_statix (at) linuxmail (dot) org [email concealed] -- ______________________________________________ http://www.linuxmail.org/ Now with e-mail forwarding for only US$5.95/yr Powered by Outblaze


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top