Hi, On April 17, 2002, frog-m@n posted a message to vuln-dev with a note about a cross-site scripting bug in a script called Sgdynamo. See: http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html http://www.ifrance.com/kitetoua/tuto/5holes1.txt The vendor has since released a fix. I've included a brief extract from http://securitytracker.com/alerts/2002/May/1004257.html with the essential details, including information from the vendor how to obtain a fix. CVE number is CAN-2002-0356. Stuart ------------------------------------------------------------------------ Ecometry's SGDynamo Web Application Engine Allows Remote Users to Conduct Cross-Site Scripting Attacks ------------------------------------------------------------------------ [Description]: A vulnerability was reported in Ecometry's SGDynamo web application engine. A remote user can conduct cross-site scripting attacks against users of web sites running SGDynamo. The 'sgdynamo.exe' script will display user-supplied data when a URL error is encountered. The data is displayed without being properly escaped. This vulnerability was recently reported by frog-m@n on the following web site: http://www.ifrance.com/kitetoua/tuto/5holes1.txt In that post, frog-m@n indicated that the following type of URL could be used to cause the server to display the user-supplied script code: http://[targethost]/sgdynamo.exe?HTNAME=<script>SCRIPT</script> A remote user could create HTML containing malicious scripting that, when loaded by a target (victim) user, would cause the target user's browser to execute the scripting. The code would appear to originate from the web site running the Ecometry software and would run in the security context of that site. As a result, the code could access the target user's cookies associated with that web site. [Editor's notes: Ecometry was formerly known as Smith-Gardner. Also, thanks to Krissy for her help on this, to Bryan @ Ecometry for his cooperation, and of course to frog-m@n who discovered the flaw. Finally, the vendor was very quick to fix this flaw once notified.] [Impact Summary]: Disclosure of authentication information, Execution of arbitrary code via network [Impact Text]: A remote user could access another user's cookies associated with the site running 'sgdynamo.exe'. [Solution]: The vendor has released a fix for versions 5.32T and above (5.32U, 6.1, 7.00). Customers should call their Ecometry Customer Support Rep in order to obtain the fixed code. Customers should reference Job # 181625-01 when requesting the code. ------------------------------------------------------------------------
