#########################################
Application: Wayport Public Access PC
Vendor: http://www.wayport.net
Bug: Authorisation Bypass
Risk: High
Date: 8 April 2008
Author: Pascal Cretain
e-mail: Pascal.Cretain at Gmail dot com
List: BugTraq (SecurityFocus)
#########################################
http://phpstats.net/
http://www.example.com/php-stats-path/tracking.php?what=online&ip=[XSS]
Stats must have public access for this (difference from whois.php XSS).
[>>] Proviso SiteKiosk File Download Vulnerability [<<]
[x] Vendor Information:
"SiteKiosk is a software for public access internet terminals and lets you turn any computer into a secure multilanguage Internet terminal (already 20 different languages included), allowing the user to access the Internet but protecting the underlying operating system and files. Possible uses include presentations, exhibitions, libraries, and more. SiteKiosk works with normal displays and Touchscreens. A keyboard doesn't even have to be attached -- text can be entered via a keypad with a mouse. Plentiful options let you decide the amount of security your kiosk needs, from hard-disk protection to prohibiting specific Websites. The program can be used with either a direct network connection or Dial-Up Networking, providing Internet access "on demand." Other features include multiple-window support, automatic shutdown/restart, Shell-Replacement, hard-disk protection, thorough event-logging support, Log-Out Button, content-advisor, great website filtering (with automatic update)
, an easy-to-use configuration wizard, and more. SiteKiosk supports different payment methods like coin machines, bill acceptors, smart cards and others. Also very nice is the webcam support which enables users to send voice, video and photo emails. It is also possible to administer terminals by remote. SiteKiosk uses Internet Explorer as its basis but presents a much simplified interface that even the novice user will understand. Excellent online help is included."
[x] Attack Information
SiteKiosk tries to block and avoid file downloads. If you click on a link which saves a file automatically on your hard drive (e.g. an exe download link) or if you right click something and select "save as..." a window will pop up which says that it isn't possible to download the file. But you can bypass the issue with a special url - you've got to use the "about:"-url. SiteKiosk uses the microsoft internet explorer engine to display web sites, so you can also use "about:" to display anything directloy from the url. For example "about:hello" will display the text "hello" directly in the browser. Of course you can use HTML too: "about:<b>hello</b>" will display the text "hello" bold. Normally this is harmless, but in SiteKiosk you can use it to download files.
The group started as a closed and private forum, to discuss technical
and operational risks, as other venues limited discussion of critical
internet resources to politically charged subjects such ascontrol of
ICANN and ARIN, thus overshadowing other important aspects.
As of November 18th 2009, the list is open for public access, to advance
public awareness of the issues, and bring new talent on board.
The group is hosted by the ISOTF, but is governed by members.
Note: SCADA, network operations, and other related issues should be
in order to get a throughout security audit done. The SQL regexp I
just fixed and we'll update the packages today.
Nonetheless, exposure should be minimal since:
a) You aren't going to provide public access to your SIM console,
aren't you ?
b) Regarding the specific SQL injection mentioned in here (as said,
there are more we're going to fix), you shouldn't give access to the
policy section to normal users either.
