Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

ECHU Alert #3 : Meunity 1.1 script injection vulnerability

From: das () echu org
Date: Mon, 14 Oct 2002 21:54:15 +0200

----------------------------------------------
| Meunity 1.1 script injection vulnerability |
----------------------------------------------


PROGRAM: Meunity Community System
VULNERABLE VERSIONS: all
IMMUNE VERSIONS: none
SEVERITY: really high


Tested version
==============
Meunity Community System 1.1 (stable) Released with IE 5/5.5/6 and AOL.


Description
============ 
"Meunity is a sophisticated Web-based community system that uses PHP. It is object oriented, so it is easily 
extendible. Its database abstraction layer allows it to be compatible with multiple databases." - sourceforge.net
In fact Meunity is a quick and simple CMS with a few options, in this options there's a forum.

There's a vulnerability in the forum that allow a badly disposed member to execute code. The problem appears when a 
user post in the forum, a vulnerability exists in this CMS that allow a badly disposed member to perform a typical IMG 
attack against visitors :

<IMG SRC="javascript:alert('unsecure')"> 


The problem
=========== 
A badly disposed member can post a topic containing malicious code and as soon as somebody see this topic the code will 
be executed on his workstation.


Vendors status
==============
I contacted Zack Coburn (Meunity developper) via sourceforge.net one week ago but I had no answer back.


Solution
========
There's no secure release of Meunity Community System, so the unique solution is, at this moment, to disallow posting 
in Meunity forum to avoid the problem. Hope that Zack Coburn will release a new immune version as soon as possible.


Links
=====
http://meunity.sourceforge.net/
http://sourceforge.net/projects/meunity/


This vulnerability's orginal paper can be found here: http://www.echu.org/modules/news/article.php?storyid=132


David Suzanne (aka dAs)
das () echu org
http://www.echu.org 


-----------------------------------------------------------------
ECHU.ORG is not responsible for the misuse of the information we 
provide through our security advisories. These advisories are a 
service to the professional security community. In no event shall 
ECHU.ORG be liable for any consequences whatsoever arising out of 
or in connection with the use or spread of this information.
-----------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: