________________________________________________________________________
Security Corporation Security Advisory [SCSA-013] ________________________________________________________________________ PROGRAM: Ceilidh HOMEPAGE: http://www.lilikoi.com VULNERABLE VERSIONS: 2.70 and prior ________________________________________________________________________ DESCRIPTION ________________________________________________________________________ "Ceilidh is a Web-based threaded discussion engine that features automatic text to HTML conversion, file attachment, e-mail notification, automatic message expiration, multiple levels of security and much more." (direct quote from http://www.lilikoi.com) DETAILS & EXPLOITS ________________________________________________________________________ ¤ Cross Site Scripting : A exploitable bug was found on Ceilidh which cause script execution on client's computer by following a crafted url. This kind of attack known as "Cross-Site Scripting Vulnerability" is present in testcgi.exe file, an attacker can input specially crafted links and/or other malicious scripts. - Exploits : http://[target]/cgi-bin/testcgi.exe?[hostile_code] The hostile code could be : [script]alert("Cookie="+document.cookie)[/script] (open a window with the cookie of the visitor.) (replace [] by <>) SOLUTIONS ________________________________________________________________________ No solution for the moment. VENDOR STATUS ________________________________________________________________________ The vendor has reportedly been notified. LINKS ________________________________________________________________________ - http://www.security-corp.org/index.php?ink=4-15-1 - Version Française : http://www.security-corporation.com/index.php?id=advisories&a=013-FR ------------------------------------------------------------------------ Grégory Le Bras aka GaLiaRePt | http://www.Security-Corporation.com ------------------------------------------------------------------------
