TITLE: SiteKiosk Base URL Restriction Bypass SECUNIA ADVISORY ID: SA10071 VERIFY ADVISORY: http://www.secunia.com/advisories/10071/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: Local system SOFTWARE: SiteKiosk 5.x SiteKiosk 4.x DESCRIPTION: A vulnerability has been reported in SiteKiosk allowing malicious users to bypass URL restrictions. SiteKiosk restricts or allows access to sites based upon strings matching allowed or restricted URLs. However, SiteKiosk fails to detect if this string is part of another domain (e.g. a domain with a wild card DNS entry). This can be exploited to surf at a lower rate or surf free-of-charge by using a web proxy from a domain with a wild card DNS entry. The vulnerability has been reported to affect all versions. SOLUTION: Implement a firewall and restrict access based on IP addresses. REPORTED BY / CREDITS: Zrekam ---------------------------------------------------------------------- Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Contact details: Web : http://www.secunia.com/ E-mail : support@secunia.com Tel : +45 7020 5144 Fax : +45 7020 5145 ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://www.secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------