webmin 1.410 insecurities? XSS exploit

I was pondering writing a webmin module for some stuff I am interested in, since webmin looks so slick, and as of version 1.410 has fixed some of its security issues.

So I went to securityfocus.com and tried to see if there is anything that I should be concerned about, and found that there is indeed still an XSS vulnerability: http://www.securityfocus.com/archive/1/487656. Inherently, webmin does not fix all input through a common save method, and so there are spot-fixes here and there, but they missed the module download dialog.

By writing the following into the file dialog textfield (thanks to Aria-Security for reporting this in the above page), I was executing JavaScript in my browser generated from the response of the server:

"><script>alert('Discovered By Aria-Security')</script>

I presume it should be possible to craft a URL link that would execute JavaScript that silently adds a second root-account and communicates the IP address of the cracked server to a public place…

Generally I found the code of webmin modules to be rather convoluted and will probably not put more time into it for now…


~ by MrMichaelWill on April 24, 2008.
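The post attributes the bug to input being fixed in spots rather than through one common routine. The following is an added example, not part of the original post and not Webmin's own code: a single escaping helper applied to every value written into a form field, shown beside the unescaped version, using the string from the post as constructed input. The helper name `escape_html`, the two render functions and the field name `file` are hypothetical.

```perl
#!/usr/bin/perl
# Added example (not Webmin code): one shared escaping helper used for every
# reflected value, instead of per-page spot fixes.
use strict;
use warnings;

# Hypothetical helper: encode the five characters that are significant in
# HTML text and in quoted attribute values.
sub escape_html {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Before: the submitted value is interpolated straight into the attribute.
sub render_field_unsafe {
    my ($name, $value) = @_;
    return qq{<input type="text" name="$name" value="$value">};
}

# After: every value goes through the shared helper on output.
sub render_field {
    my ($name, $value) = @_;
    return sprintf '<input type="text" name="%s" value="%s">',
        escape_html($name), escape_html($value);
}

# Constructed input: the string from the post, with straight quotes.
my $submitted = q{"><script>alert('Discovered By Aria-Security')</script>};

my $unsafe = render_field_unsafe('file', $submitted);
my $safe   = render_field('file', $submitted);

print "unescaped: $unsafe\n";
print "escaped:   $safe\n";

# The unescaped form closes the attribute and opens a script element;
# the escaped form keeps the whole string inside value="...".
print "script tag in unescaped output: ", ($unsafe =~ /<script>/ ? "yes" : "no"), "\n";
print "script tag in escaped output:   ", ($safe   =~ /<script>/ ? "yes" : "no"), "\n";
```

Routing all output through one helper means a dialog added later is covered by default, which is the property the spot-fix approach lacks.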

One Response to “webmin 1.410 insecurities? XSS exploit”

  1. Wow… it's true?
    Can you give me some example? I'm interested.
