Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Multiple Vulnerabilities in Alt-N WebAdmin

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Multiple Vulnerabilities in Alt-N WebAdmin
Date: 31 Jan 2005 08:53:49 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Multiple Vulnerabilities in Alt-N WebAdmin
------------------------------------------------------------------------


SUMMARY

 <http://www.altn.com/products/default.asp?product%5Fid=WebAdmin> WebAdmin 
is "a web application to administer MDaemon and RelayFax. It can be run on 
its own or as an ISAPI application under Microsoft Internet Information 
Services (IIS). MDaemon is an e-mail server for Microsoft Windows. 
RelayFax is a fax server also for Microsoft Windows".

Several vulnerabilities in WebAdmin allows an attacker to perform Cross 
Site Scripting attack as well as access and change other users' data.

DETAILS

Vulnerable Systems:
 * Alt-N WebAdmin version 3.0.2 and lower

Immune Systems:
 * Alt-N WebAdmin version 3.0.4

Cross Site Scripting (XSS):
A Cross Site Scripting exists on the useredit_account.wdm file. Example: 
http://server/WebAdmin/useredit_account.wdm?user=%3Cscript%3Ealert('test')%3C/script%3E

Users can edit all the user accounts:
There is no validation on the useredit_account.wdm script to disable 
access to other user accounts.

Example:
http://server/WebAdmin/useredit_account.wdm?user=otheruser@domain

HTML Injection:
The file modalfram.wdm allows to load any web page to make it look as if 
comes from the WebAdmin server.

Example:
http://server/WebAdmin/modalframe.wdm?file=http://other_server/page.wdm

An attacker will need to be able to logon to WebAdmin to take advantage of 
the second vulnerability, but he/she will only be able to view or modify 
the settings that he can modify on their own account (for example, if an 
user cannot modify their own "Name", he/she won't be able to modify the 
name in any other account, but if it is possible to modify their own 
"Name", the attacker will be able to modify the name in any other 
account).

Disclosure Timeline:
 * Vendor notified on December 14, 2004.
 * Vendor replied on December 14, 2004.
 * Patch released on December 14, 2004.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:kamborio@gmail.com> David 
Alonso P rez.



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Multiple Vulnerabilities in Alt-N WebAdmin, SecuriTeam <=
Previous by Date:  [NT] Buffer Overflow in WinAMP in_cdda.dll CDA Device Name, SecuriTeam
Next by Date:  [NT] Defeating Microsoft Windows XP SP2 Heap Protection and DEP Bypass, SecuriTeam
Previous by Thread:  [NT] Buffer Overflow in WinAMP in_cdda.dll CDA Device Name, SecuriTeam
Next by Thread:  [NT] Defeating Microsoft Windows XP SP2 Heap Protection and DEP Bypass, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]