IBM Directory Server 4.1 Web Admin Gui (ldacgi.exe) XSS Vulnerability
=====================================================================

During the audit of a 3rd party product based on IBM Directory Server, I found a cross-site scripting vulnerability in IBM's Directory Server 4.1 Web Admin Gui. The vuln exists because ldacgi.exe does not validate its input for script code.

Version:
========

IBM Directory Server 4.1 (IBM HTTP Server 1.3.19.2 Apache/1.3.20) running on Windows platform.

Exploiting:
===========

https://server/ldap/cgi-bin/ldacgi.exe?Action=<script>alert("foo")</script>

Vendor:
=======

Website: http://www.ibm.com
Product: http://www-306.ibm.com/software/tivoli/products/directory-server/
Status: informed - but no reply within 7 days

Misc:
=====

The XSS exists in ldacgi.exe, which will appear on the login screen. It's a vuln with a small impact, but user input should always be validated :)

By the way, requesting ldacgi3.exe (no auth. required) gives a lot of information about the accepted parameters of ldacgi.exe, which can be used to start further attacks against ldacgi.exe.

Credit:
=======

Oliver.Karow[@]gmx.de
www.oliverkarow.de
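
Added example, not part of the original advisory and not IBM's code: a C sketch of the missing input handling for a CGI program that echoes a parameter such as Action into a page. The function names, the allowlist rule (1 to 32 ASCII letters or digits) and the page fragment are assumptions, and the value is assumed to be URL-decoded already.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* HTML-escape src into dst (capacity cap). Returns 0, or -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t cap)
{
    size_t o = 0;
    for (; *src; src++) {
        const char *rep = *src == '&' ? "&amp;" : *src == '<' ? "&lt;" :
                          *src == '>' ? "&gt;"  : *src == '"' ? "&quot;" :
                          *src == '\'' ? "&#39;" : NULL;
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= cap) return -1;          /* keep room for the NUL */
        if (rep) memcpy(dst + o, rep, n); else dst[o] = *src;
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* Allowlist (assumed rule): an action name is 1..32 ASCII letters or digits. */
int action_is_valid(const char *v)
{
    size_t i;
    for (i = 0; v[i]; i++)
        if (i >= 32 || !isalnum((unsigned char)v[i])) return 0;
    return i > 0;
}

/* Build the fragment that echoes the parameter. The value is always encoded
   before it is written, and the return value says whether it passed the allowlist. */
int render_action(const char *action, char *out, size_t cap)
{
    char esc[256];
    if (html_escape(action, esc, sizeof esc) != 0) return -1;
    int ok = action_is_valid(action);
    snprintf(out, cap, "<p>%s action: %s</p>", ok ? "Running" : "Unknown", esc);
    return ok;
}

int main(void)
{
    char buf[512]; /* constructed inputs: the advisory's value and a benign one */
    render_action("<script>alert(\"foo\")</script>", buf, sizeof buf); puts(buf);
    render_action("Start", buf, sizeof buf); puts(buf);
    return 0;
}
```

The allowlist decides whether the request is acted on; the encoding is what keeps a rejected value inert when the error page echoes it.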