Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Critical Path InJoin Directory Server Cross-Site Scripting Vulnerability

Critical Path InJoin Directory Server Cross-Site Scripting Vulnerability

by Nikola Strahija on May 12th, 2002 HTML code is not filtered from URL parameters that are used as output in the web-based administrative interface. This enables an attacker to inject malicious script code into a link to the administrative interface. When this link is visited by an authenticated administrative user, the attacker's script code will be executed in the browser of that user, in the security context of the site running the interface.


Critical Path provides an LDAP (Lightweight Directory Access Protocol) Directory Server called InJoin. InJoin Directory is provided for Microsoft Windows operating systems and Unix variants.

Remote: Yes

Exploit:The following examples were provided as a proof-of-concept:

http://ip:1500/DSASD&DSA=1&LOCID=^.&FRAME=Y
http://ip:1500/OBCR&OC=^.&FRAME=Y


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »