Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17690
HistoryAug 03, 2007 - 12:00 a.m.

[Full-disclosure] DVD Rental System multiple XSS and CSRF vulnerabilities

2007-08-0300:00:00
vulners.com
22
JSON

=========================================================================
TeamIntell Security Advisory TISA2007-04-Public

DVD Rental System multiple XSS and CSRF vulnerabilities

Release Date: 02.08.2007
Severity: Less critical
Impact: Cross Site Scripting (XSS)
Cross Site Request Forgery (CSRF)
Status: Official patch available
Software: DVD Rental System 5.1 (DRS)
Vendor: http://www.dvdrentalsystem.com/
Disclosed: Edi Strosar (TeamIntell)

Description:

DRS, an online DVD rental application, is vulnerable to
multiple XSS and CSRF attacks. Proof of concept will not
be publicly released.

Details:

TeamIntell discovered multiple vulnerabilities in online
DVD Rental System, which can be exploited by malicious
users to conduct cross-site scripting[1] and cross-site
request forgery[2] attacks:

[1] DRS does not properly sanitize users supplied data
before sending it to clients. This can be exploited to
execute arbitrary HTML and script code in a user's browser
session in context of an affected site.

[2] The script index.php allows users to perform certain
actions via HTTP requests without performing validity
checks to verify the request. This can be exploited to
modify users's data or cancel subscription permanently.

Note: in some cases CSRF attacks could be site specific.
TeamIntell developed working PoC that affects users of one
among DVD Rental System's business partners.

The vulnerabilities are confirmed in DVD Rental System
version 5.1. Other versions may be affected.

Solution:

Vendor has reported that the DVD Rental System scripts are
updated and patched. Customers should contact the vendor
for details.

References:

http://en.wikipedia.org/wiki/XSS
http://en.wikipedia.org/wiki/Cross-site_request_forgery

Timeline:

20.07.2007 - vulnerabilities discovered
21.07.2007 - vendor informed
01.08.2007 - vendor reports that the scripts are updated
and patched
02.08.2007 - public disclosure

Contact:

Maldin d.o.o.
Trzaska cesta 2
1000 Ljubljana - SI

tel: +386 (0)590 70 170
fax: +386 (0)590 70 177
gsm: +386 (0)31 816 400
web: www.teamintell.com
e-mail: [email protected]

Disclaimer:

The content of this report is purely informational and
meant for educational purposes only. Maldin d.o.o. shall
in no event be liable for any damage whatsoever, direct or
implied, arising from use or spread of this information.
Any use of information in this advisory is entirely at
user's own risk.

=========================================================================

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON