##############################################################################
#
# Title : Sphinix Mobile Web Server Multiple Persistent XSS Vulnerabilities
# Author : Prabhu S Angadi SecPod Technologies (www.secpod.com)
# Vendor : http://www.sphinx-soft.com/MWS/index.html
# Advisory : http://secpod.org/blog/?p=453
# http://secpod.org/advisories/SecPod_SPHINX_SOFT_Mobile_Web_Server_Mul_Persistence_XSS_Vulns.txt
# Software : Mobile Web Server U3 3.1.2.47
# Date : 01/08/2012
#
###############################################################################
SecPod ID: 1027 23/08/2011 Issue Discovered
20/01/2012 Vendor Notified
No Response
01/02/2012 Advisory Released
Class: Cross-Site Scripting (Persistent) Severity: Medium
Overview:
---------
Sphinx Software Mobile Web Server is prone to multiple persistent Cross Site
Scripting vulnerabilities.
Technical Description:
----------------------
Input passed via the 'comment' to 1)/Blog/MyFirstBlog.txt,
2)/Blog/AboutSomething.txt pages are not properly verified, which allows remote
attackers to inject arbitrary script code.
Impact:
--------
Successful exploitation could allow remote attackers to execute malicious
scripts and steal sensitive data.
Affected Software:
------------------
Mobile Web Server U3 3.1.2.47
Tested on:
-----------
Mobile Web Server U3 3.1.2.47 on Windows XP SP2.
References:
-----------
http://secpod.org/blog/?p=453
Proof of Concept:
----------------
1) /Blog/MyFirstBlog.txt?comment=<script>alert(1234)</script>&submit=Add+Comment
2) /Blog/AboutSomething.txt?comment=<script>alert(1234)</script>&submit=Add+Comment
Vendor URL:
----------------
http://www.sphinx-soft.com/MWS/index.html
Solution:
----------
Not available
Risk Factor:
-------------
CVSS Score Report:
ACCESS_VECTOR = NETWORK
ACCESS_COMPLEXITY = LOW
AUTHENTICATION = NOT_REQUIRED
CONFIDENTIALITY_IMPACT = PARTIAL
INTEGRITY_IMPACT = PARTIAL
AVAILABILITY_IMPACT = NONE
EXPLOITABILITY = PROOF_OF_CONCEPT
REMEDIATION_LEVEL = UNAVAILABLE
REPORT_CONFIDENCE = CONFIRMED
CVSS Base Score = 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Credits:
--------
Prabhu S Angadi of SecPod Technologies has been credited with the discovery of this
vulnerability.