Related information

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)

Portcullis Security Advisory - Movable Type

Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability

[Full-disclosure] Invision Power Board Privilege Escalation (2.0.1 + more)

[SA17359] vBulletin Image Script Insertion Vulnerability

From:	SECUNIA <support_(at)_secunia.com>
Date:	01.11.2005
Subject:	[SA17105] eyeOS Script Insertion and Exposure of User Credentials

TITLE:
eyeOS Script Insertion and Exposure of User Credentials

SECUNIA ADVISORY ID:
SA17105

VERIFY ADVISORY:
http://secunia.com/advisories/17105/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting, Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
eyeOS 0.x
http://secunia.com/product/5902/

DESCRIPTION:
Ryan McGeehan has discovered a vulnerability and a security issue in
eyeOS, which can be exploited by malicious users to conduct script
insertion attacks and by malicious people to disclose sensitive
information.

1) Input passed to the "motd" parameter in "desktop.php" in eyeBoard
isn't properly sanitised before being used. This can be exploited to
inject arbitrary HTML and script code, which will be executed in
another user's browser session in context of an affected site when
the malicious user data is viewed.

2) The problem is that user credentials are stored in the file
"usrinfo.xml" inside the web root. This can be exploited to disclose
usernames and encrypted passwords.

The vulnerability and the security issue have been confirmed in
version 0.8.4. Prior versions may also be affected.

SOLUTION:
Update to version 0.8.5.
http://www.eyeos.org/?section=Downloads

NOTE: Security issue #2 has been fixed by adding a configuration
option for the location of user credentials. Please read the security
manual for more information.

PROVIDED AND/OR DISCOVERED BY:
Ryan McGeehan

ORIGINAL ADVISORY:
http://www.thebillygoatcurse.com/advisories/eyeOS_0.8.4_Multiple.pdf

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.