TITLE:
SiteKiosk Base URL Restriction Bypass

SECUNIA ADVISORY ID:
SA10071

VERIFY ADVISORY:
http://www.secunia.com/advisories/10071/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
Local system

SOFTWARE:
SiteKiosk 5.x
SiteKiosk 4.x

DESCRIPTION:
A vulnerability has been reported in SiteKiosk allowing malicious
users to bypass URL restrictions.

SiteKiosk restricts or allows access to sites based upon strings
matching allowed or restricted URLs. However, SiteKiosk fails to
detect if this string is part of another domain (e.g. a domain with a
wild card DNS entry).

This can be exploited to surf at a lower rate or surf free-of-charge
by using a web proxy from a domain with a wild card DNS entry.

The vulnerability has been reported to affect all versions.

SOLUTION:
Implement a firewall and restrict access based on IP addresses.

REPORTED BY / CREDITS:
Zrekam

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web	: http://www.secunia.com/
E-mail	: support@secunia.com
Tel	: +45 7020 5144
Fax	: +45 7020 5145

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://www.secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org

----------------------------------------------------------------------