25th Jan 2003 [SBWID-5950]
COMMAND
	List Site user account Hijacking
SYSTEMS AFFECTED
	List Site Pro v2
PROBLEM
	StatiX [[email protected]] says :
	It is possible to take over another  user  account  by  signing  up  and
	using | in one of the  required  fields.  List  Site  Pro  uses  '|'  to
	delimit the database but the form input is not checked and  stripped  of
	them. So a user could sign up like this
	
	username:username
	email:[email protected]
	url:www.url.com
	bannerurl:www.site.com/banner.gif ||password|1036360992|60|468
	banner height:68
	banner width:460
	password:pass
	
	This would take over the account 1036360992 and  let  the  user  log  in
	with the password 'password'. Since the user id is displayed in the link
	of the  topsite,  an  attacker  could  successfully  log  into  whatever
	account he chooses to. Then the  attacker  could  change  the  link  the
	banner points to, or anything else in the account.  This  doesn't  give
	the attacker admin access. But it gives him  an  opportunity  to  render
	the topsite useless.
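	The following is an added example, not List Site Pro's code and not part
	of the advisory above. It shows why an unchecked '|' in a form field
	corrupts a '|'-delimited flat-file record (a naive reader sees extra
	fields and the trailing values, such as password and user id, shift
	into the wrong columns), and the input check that stops it before the
	record is written. The field order, the sample signup values and the
	function names are assumptions; the real record layout is not documented
	on this page.

```python
# Added example (not List Site Pro's own code).  Demonstrates delimiter
# injection into a '|'-delimited record and the validation that rejects it.
# FIELDS is an assumed layout; the advisory does not give the real one.

DELIMITER = "|"
FIELDS = ["username", "email", "url", "bannerurl",
          "height", "width", "password", "uid"]


class InvalidFieldError(ValueError):
    """Raised when a form value would break the record format."""


def validate_field(name, value):
    """Reject any value containing the record delimiter or a line break.

    Rejecting (rather than silently stripping) is preferable: it keeps the
    stored value identical to what the user submitted, and it gives the
    operator a log event worth alerting on, since a legitimate URL or
    password has no reason to contain '|'.
    """
    if DELIMITER in value or "\n" in value or "\r" in value:
        raise InvalidFieldError(f"field {name!r} contains a forbidden character")
    return value


def serialize_unchecked(form):
    """The vulnerable behaviour: join the form values exactly as submitted."""
    return DELIMITER.join(form[name] for name in FIELDS)


def serialize_checked(form):
    """Hardened version: every value must pass validate_field first."""
    return DELIMITER.join(validate_field(name, form[name]) for name in FIELDS)


def parse_record(line):
    """Split a stored line back into fields the way a naive reader would."""
    return line.split(DELIMITER)


def parsed_field_count(line):
    return len(parse_record(line))


def is_rejected(form):
    """True if the hardened serializer refuses this form."""
    try:
        serialize_checked(form)
    except InvalidFieldError:
        return False or True
    return False


# Constructed sample signup; the values are illustrative, not real accounts.
CLEAN_FORM = {
    "username": "alice",
    "email": "alice@example.invalid",
    "url": "www.example.invalid",
    "bannerurl": "www.example.invalid/banner.gif",
    "height": "60",
    "width": "468",
    "password": "pass",
    "uid": "1000000001",
}

# Same form, but the banner URL smuggles two extra '|'-separated values,
# which is the shape of the problem the advisory describes.
INJECTED_FORM = dict(
    CLEAN_FORM, bannerurl="www.example.invalid/banner.gif|injected|9999999999"
)


def demo():
    clean = serialize_unchecked(CLEAN_FORM)
    bad = serialize_unchecked(INJECTED_FORM)
    print(parsed_field_count(clean), "fields in the clean record")
    print(parsed_field_count(bad), "fields in the injected record; columns after",
          "'bannerurl' are now misaligned for any reader that splits on '|'")
    print("uid column of clean record:", parse_record(clean)[7])
    print("same column of injected record:", parse_record(bad)[7])
    print("hardened serializer rejects injected form:", is_rejected(INJECTED_FORM))


if __name__ == "__main__":
    demo()
```

	A reader that splits each line on '|' and indexes fixed columns will
	happily consume the extra fields, which is the whole mechanism; the
	check in validate_field is the minimum fix, and the same check belongs
	on every write path (signup, profile edit, admin tools), not only on
	the signup form.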
SOLUTION
	None yet, check :
	
	 http://www.listsitepro.com