MercuryBoard forum.php f Variable XSS

2005-02-16T00:00:00
ID OSVDB:13764
Type osvdb
Reporter Lostmon Lords(Lostmon@gmail.com)
Modified 2005-02-16T00:00:00

Description

Vulnerability Description

MercuryBoard contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not properly verify the 'f' parameter upon submission to the 'forum.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/index.php?a=forum&f='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://[victim]/index.php?a=forum&f='><script>alert(document.cookie)</script>
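
A detection check for the request pattern in the testing notes, added here as an example and not part of the original advisory: it scans web access-log lines for `a=forum` requests whose decoded `f` value is not a plain integer. That a legitimate `f` is a numeric forum id, the common/combined log format, and the sample log lines are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"[0-9]+")

def suspicious_f(line):
    """Return the decoded 'f' values that are not plain integers for a
    request to the forum action (a=forum); empty list if the line is clean."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    # parse_qs percent-decodes once, so raw and encoded markup look the same.
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "forum" not in params.get("a", []):
        return []
    # Assumption: a legitimate 'f' is a numeric forum id. Allowlisting digits
    # also flags double-encoded input, which still contains '%' after decoding.
    return [v for v in params.get("f", []) if not NUMERIC_ID.fullmatch(v)]

def scan(lines):
    """Map 1-based line number -> offending 'f' values."""
    hits = {}
    for n, line in enumerate(lines, 1):
        bad = suspicious_f(line)
        if bad:
            hits[n] = bad
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Feb/2005:10:00:01 +0000] "GET /index.php?a=forum&f=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Feb/2005:10:00:09 +0000] "GET /index.php?a=forum&f=\'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 4890',
    '198.51.100.7 - - [16/Feb/2005:10:00:15 +0000] "GET /index.php?a=forum&f=\'><script>alert(document.cookie)</script> HTTP/1.1" 200 4890',
    '192.0.2.44 - - [16/Feb/2005:10:01:30 +0000] "GET /index.php?a=topic&t=12 HTTP/1.1" 200 7301',
]

if __name__ == "__main__":
    for n, values in scan(SAMPLE_LOG).items():
        print(f"line {n}: non-numeric f = {values!r}")
```

The same digits-only rule can be enforced in front of the application (for example in a reverse proxy or WAF rule) while no vendor fix is available.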

References:

Vendor URL: http://www.mercuryboard.com/
Security Tracker: 1013223
Secunia Advisory ID: 13937
Related OSVDB ID: 13263
Related OSVDB ID: 13267
Related OSVDB ID: 13262
Related OSVDB ID: 13264
Related OSVDB ID: 13266
Related OSVDB ID: 13265
Other Advisory URL: http://lostmon.blogspot.com/2005/02/mercuryboard-forumphp-f-variable-xss.html
CVE-2005-0462