I have following advisory for you.
niekt0 (at) hysteria (dot) sk [email concealed]
SiteScape Forum TCL injection
discovered by niekt0 (at) hysteria (dot) sk [email concealed]
PRODUCT: SiteScape Forum
EXPOSURE: TCL injection
By URL modification it is possible to insert TCL code into aplication.
Account on target server is not required.
PROOF OF CONCEPT
Make a http request in form of
You can now enter commands separated by semicolon
There are some restrictions, but exploitation is possible.
Upgrade to latest version.
"We have developed, tested, and distributed a fix to our current customer
base via our support site. The patch is available here:
This URL requires a login. Thank you for alerting us."
From sitescape.com :
"SiteScape's flagship product, SiteScape Forum(R), ...
SiteScape collaborative solutions are currently implemented worldwide
in organizations including the US Navy, US Centers for Disease
Control, the European Space Agency, Lockheed Martin..."