| VID |
21362 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its version number, the w-Agora program on the remote Web server has multiple vulnerabilities. w-Agora is a freely available PHP-based Web forum and publishing program for Microsoft Windows, Linux, and Unix-based operating systems. w-Agora version 4.1.6a is affected by the following vulnerabilities:
- GET/POST Cross-Site Scripting Vulnerability: By sending a specially-crafted request to the subscribe_thread.php script, a remote attacker could cause the server to return a split response, which would allow the attacker to perform further attacks, such as Web cache poisoning and cross-site scripting, and possibly obtain sensitive information.
- 'redir_url.php' SQL Injection Vulnerability: By sending a specially-crafted request to the redir_url.php script containing embedded SQL commands, a remote attacker could add, modify or delete data in the backend database.
- HTTP Response Splitting Vulnerability: A remote attacker could create a malicious URL (an HTTP GET request to the download_thread.php script or an HTTP POST request to the login.php or forgot_password.php script) and then persuade a target user to click it. Once the URL is clicked, the embedded code would be executed in the victim's Web browser. A remote attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
* Note: This check relies solely on the version number of w-Agora on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://securitytracker.com/alerts/2004/Sep/1011463.html
* Platforms Affected: W-Agora W-Agora 4.1.6 a, Microsoft Windows Any version, Unix Any version, Linux Any version |
| Recommendation |
Upgrade to the latest CVS versions for subscribe_thread.php3 (1.17 or later), forgot_password.php3 (1.17 or later), include/auth.php (1.45 or later), and list.php3 (1.53 or later), available from the w-Agora Web site at http://www.w-agora.net/en/download.php |
| Related URL |
CVE-2004-1562, CVE-2004-1563, CVE-2004-1564 (CVE) |
| Related URL |
11283 (SecurityFocus) |
| Related URL |
17553, 17557, 17558 (ISS) |
|