Macromedia Sitespring Cross Site Scripting

by Nikola Strahija on July 18th, 2002

A malicious user could use a default error page as the basis for a cross site scripting attack.


Vulnerable:
===========
- Macromedia Sitespring V1.2.0(277.1) on Windows 2000 Server


Details:
========
The default HTTP 500 error script does not check the contents of the
error ticket (et) parameter before outputting it. That makes it
possible to inject e.g. JavaScript in the URL.

http://server/error/500error.jsp?et=1alert('KPMG')


Vendor URL:
===========
You can visit the vendor webpage here: http://www.macromedia.com


Vendor response:
================
The vendor was notified on the 16th of April, 2002. The vendor has
since removed the trial software from the webpage. To our knowledge
there is no scheduled release date for a patch.

Additional notes:
=================
Quoted from the vendor's webpage:

"We will continue to provide technical support for Sitespring
through May 2004. Please continue to visit the Sitespring support
center for TechNotes, white papers, and other product information.
If you've purchased a technical support plan for Sitespring, we
will continue to provide support pursuant to the terms of your
support agreement. Even though we will not be selling annual
Sitespring support packages, you can purchase incident-based
support from a technical support engineer."


Corrective action:
==================
Replace the error script with a custom error page. If you do not
know how to create a .jsp file, simply create a standard 500 error
page in HTML, and rename it to .jsp.
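
If the replacement error page still has to display the ticket, the value
must be validated and HTML-encoded before it is written out. The class
below is an added example, not code from Sitespring or from the advisory;
its names, the alphanumeric ticket format and the sample inputs are
assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class ErrorPageEncoding {
    // Assumption: a ticket is a short alphanumeric ID. The real Sitespring
    // ticket format is not given in the advisory.
    private static final Pattern TICKET = Pattern.compile("[A-Za-z0-9-]{1,32}");

    // Encode the characters that are significant in HTML text and quoted attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Behaviour the advisory describes: the parameter is copied into the page as-is.
    static String renderUnsafe(String et) {
        return "<p>Error ticket: " + et + "</p>";
    }

    // Hardened form: reject anything that is not a ticket, encode what is echoed.
    static String renderSafe(String et) {
        if (et == null || !TICKET.matcher(et).matches()) {
            return "<p>Error ticket: (invalid)</p>";
        }
        return "<p>Error ticket: " + escapeHtml(et) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample values for the et parameter (harmless markup only).
        String[] samples = { "1", "A7-2002", "1<b>markup</b>", "\"><i>x</i>" };
        for (String et : samples) {
            System.out.println("input  : " + et);
            System.out.println("unsafe : " + renderUnsafe(et));
            System.out.println("safe   : " + renderSafe(et));
            System.out.println("encoded: " + escapeHtml(et));
        }
    }
}
```

The allow-list check alone already blocks markup; the encoding step is kept
so the page stays safe if the ticket format is later widened.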



