Hello list! I want to warn you about SQL DB Structure Extraction, Full path disclosure and Cross-Site Scripting vulnerabilities in Adobe ColdFusion.
The vulnerabilities exist at detailed error report page. At 16.11.2010 I privately informed Adobe about it, but they ignored my letter. ------------------------- Affected products: ------------------------- Vulnerable are possibly all versions of Adobe ColdFusion. ---------- Details: ---------- SQL DB Structure Extraction (WASC-13): http://site/page.cfm?id=- Information about SQL query is showed (if this web application is working with DBMS). Full path disclosure (WASC-13): http://site/page.cfm?id=- Full path at server is showed. XSS (WASC-08): At request to page http://site/page.cfm?id=- with User-Agent “Mozilla<body onload=alert(document.cookie)>” it was possible to execute code. Vulnerability worked in 2009 and at 25.02.2010. Now this vulnerability is fixed (possibly in last versions of ColdFusion). XSS (WASC-08): http://site/page.cfm?id=%3Cbody%20onload=alert(document.cookie)%3E Attack vector via tag script, which worked in 2009 and at 25.02.2010, was already fixed in last versions of ColdFusion. But it's still possible to attack via many other vectors (e.g. via tag body). ------------ Timeline: ------------ 2008-2010 - found these vulnerabilities at different web sites on ColdFusion and informed admins (and some admins of these sites potentially could told Adobe about these issues, as XSS via User-Agent and via tag script were fixed at time of February 2010). 2010.11.16 - informed developers (Adobe ignored). 2011.01.27 - disclosed at my site. I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/4879/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
