ECHU Alert #3 : Meunity 1.1 script injection vulnerability

Mon, 14 Oct 2002 14:12:53 -0700 


----------------------------------------------
| Meunity 1.1 script injection vulnerability |
----------------------------------------------


PROGRAM: Meunity Community System
VULNERABLE VERSIONS: all
IMMUNE VERSIONS: none
SEVERITY: really high


Tested version
==============
Meunity Community System 1.1 (stable) Released with IE 5/5.5/6 and AOL.


Description
============ 
"Meunity is a sophisticated Web-based community system that uses PHP. It is object 
oriented, so it is easily extendible. Its database abstraction layer allows it to be 
compatible with multiple databases." - sourceforge.net
In fact Meunity is a quick and simple CMS with a few options, in this options there's 
a forum.

There's a vulnerability in the forum that allow a badly disposed member to execute 
code. The problem appears when a user post in the forum, a vulnerability exists in 
this CMS that allow a badly disposed member to perform a typical IMG attack against 
visitors :

<IMG SRC="javascript:alert('unsecure')"> 


The problem
=========== 
A badly disposed member can post a topic containing malicious code and as soon as 
somebody see this topic the code will be executed on his workstation.


Vendors status
==============
I contacted Zack Coburn (Meunity developper) via sourceforge.net one week ago but I 
had no answer back.


Solution
========
There's no secure release of Meunity Community System, so the unique solution is, at 
this moment, to disallow posting in Meunity forum to avoid the problem. Hope that Zack 
Coburn will release a new immune version as soon as possible.


Links
=====
http://meunity.sourceforge.net/
http://sourceforge.net/projects/meunity/


This vulnerability's orginal paper can be found here: 
http://www.echu.org/modules/news/article.php?storyid=132


David Suzanne (aka dAs)
[EMAIL PROTECTED]
http://www.echu.org 


-----------------------------------------------------------------
ECHU.ORG is not responsible for the misuse of the information we 
provide through our security advisories. These advisories are a 
service to the professional security community. In no event shall 
ECHU.ORG be liable for any consequences whatsoever arising out of 
or in connection with the use or spread of this information.
-----------------------------------------------------------------

Reply via email to