PTL-2002-03 Betsie XSS Vuln

["Mark A. Rowe (PenTest)" <mark.rowe () pentest-limited com>]

                        PenTest Limited 
                    www.pentest-limited.com 
                       Security Advisory 

                       XSS bug in Betsie

 
Announcement date: 1st July 2002 
Reference: ptl-2002-03 


Advisory Details
----------------

Product: Betsie
Vulnerable versions: 1.5.11 and all versions before
Vulnerability Type : Input Validation Error
Platforms: All 
Vendor-URL: http://www.bbc.co.uk/education/betsie/
Vendor-Status: informed, new version available
Remote-Exploit: Yes


Overview
--------

A Cross-site Scripting vulnerability exists in the Betsie application.
The developer has been notified and a fixed version has been released.  



Description
------------

Betsie stands for BBC Education Text to Speech Internet Enhancer, and is
a simple Perl script which is intended to alleviate some of the problems
experienced by people using text to speech systems for web browsing.

The Betsie perl script does not adequately validate and filter URL
input making it vulnerable to Cross-site Scripting attacks.

Cross-site Scripting example:

http://server/cgi-bin/betsie/parserl.pl/<script>alert("eek!")</script>

For more details about XSS vulnerabilities see 
http://www.owasp.org/asac/input_validation/css.shtml


Fix
---

The vendor has released a new version of the script 1.5.12, which seems
to fix the bug.


Vendor status
-------------

Vendor has released a new version. See http://www.bbc.co.uk/education/be
tsie/download.html


Thanks
------

Thankyou to Wayne Myers for responding so quickly to our notification
and promptly releasing a fix.


Credit
------

Discovered on 24 June, 2002 by
Mark Rowe ( mark.rowe () pentest-limited com)
http://www.pentest-limited.com
-- 
Mark Rowe
IT Security Consultant
PenTest Limited

Office  +44 (0)1565 830990
Fax     +44 (0)1565 830889
Mobile  +44 (0)7813 803929

mark.rowe () pentest-limited com

www.pentest-limited.com