WebCalendar datesel.php Multiple Variable XSS

2004-11-09T08:52:30
ID OSVDB:11612
Type osvdb
Reporter Joxean Koret(joxeankoret@yahoo.es)
Modified 2004-11-09T08:52:30

Description

Vulnerability Description

WebCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the 'datesel.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 0.9.45 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

WebCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the 'datesel.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/demo/datesel.php?form=editentryform.elements[20].rpt_day.selectedIndex%20=%20day%20-%201;alert(document.cookie);//"><img%20src=http:// images.sourceforge.net/images/head_bg_new.gif%20onload=javascript:alert(document.cookie)>&fday=rpt_day&fmonth=rpt_month&fyear=rpt_year&date=20041001

http://[victim]/demo/datesel.php?form=editentryform&fday=rpt_day"%20onclick=javascript:alert(document.cookie)>&fmonth=rpt_month&fyear=rpt_year&date=20041001
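The advisory offers no workaround other than upgrading, so a site that cannot upgrade immediately is left with log review. The following is an added example, not part of the OSVDB record and not WebCalendar code: it scans Apache-style access-log lines for requests to datesel.php whose form, fday, fmonth, fyear or date parameters carry anything beyond a plain identifier or a YYYYMMDD date, which is what the proof-of-concept URLs above abuse. The allowed-value rules, the log format and the sample log lines are all assumptions constructed for the example; they are not a description of what version 0.9.45 changed.

```python
"""Added example (not part of the OSVDB record or of WebCalendar).

Flags datesel.php requests whose parameters do not look like the plain
identifier / date values the script expects, as a log-review check for
the reflected XSS described in OSVDB 11612.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Assumed policy (not taken from the WebCalendar fix): form/fday/fmonth/fyear
# should be bare JavaScript/HTML identifiers, date should be YYYYMMDD.
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
DATE_RE = re.compile(r"\d{8}")
RULES = {
    "form": IDENT_RE,
    "fday": IDENT_RE,
    "fmonth": IDENT_RE,
    "fyear": IDENT_RE,
    "date": DATE_RE,
}

# Apache combined-log layout; only the client IP and request URL are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic). The third line is the
# advisory's second proof-of-concept URL, percent-encoded as a browser sends it.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Nov/2004:08:52:30 +0000] "GET /demo/datesel.php'
    '?form=editentryform&fday=rpt_day&fmonth=rpt_month&fyear=rpt_year'
    '&date=20041001 HTTP/1.1" 200 1534',
    '203.0.113.5 - - [09/Nov/2004:08:53:01 +0000] "GET /demo/month.php'
    '?date=20041001 HTTP/1.1" 200 8120',
    '198.51.100.7 - - [09/Nov/2004:08:55:12 +0000] "GET /demo/datesel.php'
    '?form=editentryform&fday=rpt_day%22%20onclick%3Djavascript:alert'
    '(document.cookie)%3E&fmonth=rpt_month&fyear=rpt_year&date=20041001'
    ' HTTP/1.1" 200 1601',
]


def check_query(url):
    """Return (param, decoded_value) pairs in a datesel.php URL that break the policy.

    URLs for other scripts return an empty list. Values are percent-decoded
    first so that %22 / %20 / %3D are judged as the characters the server sees.
    """
    parts = urlsplit(url)
    if not parts.path.endswith("/datesel.php"):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    violations = []
    for name, rule in RULES.items():
        for value in params.get(name, []):
            # fullmatch: a trailing newline or extra text must not slip past '$'
            if not rule.fullmatch(value):
                violations.append((name, value))
    return violations


def scan_log(lines):
    """Return [(client_ip, violations)] for every log line that trips a rule."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not a combined-log line; skip rather than guess
        bad = check_query(match.group("url"))
        if bad:
            hits.append((match.group("ip"), bad))
    return hits


if __name__ == "__main__":
    for ip, bad in scan_log(SAMPLE_LOG):
        for name, value in bad:
            print(f"{ip}: suspicious {name}={value!r}")
```

Run against a real access log by feeding `open(path)` to `scan_log`; the check deliberately reports any non-identifier value rather than matching known payload strings, so encoding variations of the same attack are still caught, at the cost of also reporting harmless but malformed requests.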

References:

Vendor URL: http://webcalendar.sourceforge.net
Security Tracker: 1012168
Secunia Advisory ID: 13164
Related OSVDB IDs: 11609, 11610, 11611, 11613, 11614, 11615, 11616, 11617, 11618, 11619, 11620
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0126.html
CVE: CVE-2004-1506