+-----------------------------+ Advisories: JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5 Author: nimber [nimber@mail.ru] Date: 10/06/2003 +-----------------------------+ Vendor: http://www.minihttpserver.net Version: 1.5 (and older versions?) Shareware :) Mini-description [for File-Sharing for NET v1.5]: "File Sharing for net is a complete, secure web server that shares your business documents and files over the web: remote users only need browsers to view your files. Share, transfer files securely with colleagues." Mini-description [for Forums Web Server v1.5]: "WebForums Server allows you to setup a bulletin board and photo/file exchange web service. It offers a built in HTTP engine, internal database engine, integrated HTML/Script pages, user management interface, message board engine and a secure file Upload/Download option. It is without a doubt the easiest and complet all in one Forum Server software you have seen." [The information from a site www.minihttpserver.net] +-----------------------------+ Problem: These two products, from one vendors, use the similar built - in forum (BBS). I think, that Forums Web Server v1.5 is the easy version of the program File-Sharing for NET. I have found vulnerability in the built - in forum of both programs. In the program File-Sharing for NET v1.5, at addition of the new message there is no filtration entered given in fields "Subject:" and "Your message:". It enables inserts any JS/HTML of a code. For example: <script> alert (document.cookie); </script> In the program Forums Web Server v1.5, there is no filtration only in a field "Subject:", in a field "Your message:" the symbol < is replaced on "<". +-----------------------------+ For contacts: nimber icq: 132614 e-mail: nimber@mail.ru Home Page: nimber.plux.ru Greets: ZeT,euronymous,JLx and all my friends. Hi to teams: zud team, void.ru, RusH Team, m00 security, eXploit.ru,LWTeam, F0K Project,Free-Crew. p.s> Sorry for my bad english ;) (0_o(0_o)0_o)
