|
Feeds -
Exploits
|
|
Written by RoMaNcYxHaCkEr
|
|
Tuesday, 17 March 2009 21:53 |
Kipper Local File Include and Cross Site Scripting Vulnerabilities
-\\Bugtraq ID:
33640
-\\Class:
Input Validation Error
-\\CVE:
CVE-2009-0766
-\\Remote:
Yes
-\\Local:
No
-\\Published:
Feb 05 2009 12:00AM
-\\Updated:
Mar 17 2009 07:46PM
-\\Credit:
RoMaNcYxHaCkEr
-\\Vulnerable:
Carson Fire Kipper 2.01
-\\Discussion
Kipper is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to
properly sanitize user-supplied input.
An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute
local files within the context of the webserver process.
The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an
unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication
credentials and launch other attacks.
Kipper 2.01 is vulnerable; other versions may also be affected.
-\\Exploit(s)/PoC(s):
Attackers can exploit these issues via a browser. To exploit a cross-site scripting issue, an attacker must
entice an unsuspecting victim into visiting a malicious URI.
The following example URIs are available:
===============================================================
33640.html
^^^^^^^^^^^
http://www.example.com/kipper20/index.php?configfile=../../../../boot.ini
http://www.example.com/kipper20/default.php?charm=%3E%20%3E%20ScRiPt%20%3EALERT%20529227151633%20%3B%20%2FScRiPt%
3E#685828818694793444
-\\Solution
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of
more recent information, please mail us at:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
.
-\\References(s)
--Kipper Homepage
http://www.bookelves.com/kipper (Carson Fire)
|
