-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5
- --[ Netcharts XBRL Server v4.0.0 Information Leakage Vulnerability ]--
- --[ Type
Information Leakage
- --[ Release Date
March 17, 2003
- --[ Product / Vendor
NetCharts XBRL Server 4.0 is a data visualization service that generates
charts and graphs, tables, and reports. It can be used alone or
in conjunction with any web infrastructure from the simplest CGI scripts
to the most sophisticated Enterprise Application Server.
Any data source?
- Oracle
- Sybase
- Any JDBC
- Any ODBC: Excel, Access, SQL Server
- Legacy systems
- XBRL
- XML
- ?and others
Anyhow, anywhere?
- TIFF, BMP, JPEG
- Java Applets
- Flash, PDF, HTML pages
- J2EE
- COM / ASP / .NET
- Cold Fusion
- ?and more
http://www.visualmining.com
- --[ Summary
A client may connect to the target machine and deliver several requests
with an invalid chunked encoded body.
The potential for information leakage is great but the risk is mitigated
somewhat by the unpredictability of the query-response
desynchronisation. Depending on the target site this may be somewhat
exploitable by a malicious user to redirect other users to a
specific response by saturating the communcation channels with a desired
response.
==================== SNIP ====================
GET /index.jsp HTTP/1.1
Host: victim.com
Transfer-Encoding: Chunked
53636f7474
==================== SNIP ====================
Related:
Recently disclosured advisory:
http://online.securityfocus.com/bid/6320
- --[ Tested
Netcharts XBRL Server v4.0.0 for Windows 2000
- --[ Vulnerable
Netcharts XBRL Server v4.0.0 for Windows 2000
- --[ Disclaimer
http://www.securityoffice.net is not responsible for the misuse or illegal
use of any of the information and/or the software listed on this
security advisory.
- --[ Author
Tamer Sahin
ts (at) securityoffice (dot) net [email concealed]
http://www.securityoffice.net
All our advisories can be viewed at http://www.securityoffice.net/articles/
Please send suggestions, updates, and comments to feedback (at) securityoffice (dot) net [email concealed]
(c) 2002 SecurityOffice
This Security Advisory may be reproduced and distributed, provided that this
Security Advisory is not modified in any way and is
attributed to SecurityOffice and provided that such reproduction and distribution
is performed for non-commercial purposes.
Tamer Sahin
http://www.securityoffice.net
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQEVAwUAPnXY7fpL5ibJRTtBAQGXHAf/aFEOVrmg+j6Jv9gLKjagsKaoxU+BvVLq
2pQ70Am/UaPTQizUmHGaLKY0X+VsZD256HLqXnmtk9QFcTXh+aZVJxIW+T8M1FFj
NgKNTVqECC8NnXiBVpo2SNJZEX77ufgBvOohAXuaI5mtZ6YuzRt8NpcC0+2phMOS
bXRgfGZCNXCtzvNoKjL1miEiJHnwDuNRHP4ISTKhVRSOPZhVDatYnY/QoKWUvwAu
n7O5WoW5tWLmVTcTdmcxa+qXVjbei+IdYIay7xFJvzwJz86/G0aD9ERrn9oVcdQw
1hG2oZkqWMJZyvnQhtlWWIr5GCjTSgIVzvc83UtSsN9Cr5IRw2hBbw==
=5zfY
-----END PGP SIGNATURE-----