XMB Forum forumdisplay.php Multiple Variable XSS

2004-03-26T09:21:15
ID OSVDB:14988
Type osvdb
Reporter Janek Vind "waraxe" (come2waraxe@yahoo.com)
Modified 2004-03-26T09:21:15

Description

Vulnerability Description

XMB Forum contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate multiple user-supplied arguments passed to the forumdisplay.php script. A user could craft a URL that executes arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 1.9.1 Final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/xmb19beta/forumdisplay.php?fid=1&threadlist=<body%20onload=alert(document.cookie);>
http://[victim]/xmb19beta/forumdisplay.php?fid=1&pagelinks=<body%20onload=alert(document.cookie);>
http://[victim]/xmb19beta/forumdisplay.php?fid=1&forumlist=<body%20onload=alert(document.cookie);>
http://[victim]/xmb19beta/forumdisplay.php?fid=1&navigation=<body%20onload=alert(document.cookie);>
http://[victim]/xmb19beta/forumdisplay.php?fid=1&forumdisplay=<body%20onload=alert(document.cookie);>
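
A log check for the request pattern listed above, for sites that cannot upgrade immediately and want to see whether the affected parameters are being probed. This is an added example, not part of the original advisory or XMB code; the combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in this advisory's testing notes.
AFFECTED_PARAMS = {"threadlist", "pagelinks", "forumlist", "navigation", "forumdisplay"}
# Characters that signal injected markup in these values.
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253C is still seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return the affected parameter names that carry markup in one log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/forumdisplay.php"):
        return []
    hits = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() in AFFECTED_PARAMS and MARKUP.search(fully_decode(value)):
            hits.add(name.lower())
    return sorted(hits)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Mar/2004:09:00:01 +0000] "GET /forum/forumdisplay.php?fid=1 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [26/Mar/2004:09:00:07 +0000] "GET /forum/forumdisplay.php?fid=1&pagelinks=%3Cbody%20onload%3Dx%3E HTTP/1.1" 200 5300',
    '192.0.2.12 - - [26/Mar/2004:09:00:09 +0000] "GET /forum/forumdisplay.php?fid=2&navigation=%253Cb%253E&threadlist=x HTTP/1.1" 200 5200',
    '192.0.2.13 - - [26/Mar/2004:09:00:12 +0000] "GET /forum/viewthread.php?tid=3&navigation=%3Cb%3E HTTP/1.1" 200 4100',
]

def scan(lines):
    """Map line index -> flagged parameter names, for lines with at least one hit."""
    return {i: hits for i, line in enumerate(lines) if (hits := suspicious_params(line))}

if __name__ == "__main__":
    for idx, params in scan(SAMPLE_LOG).items():
        print(idx, params)
```

A hit shows that a request carried markup in one of the affected parameters, not that the installed version reflected it; the fix remains the upgrade named in the solution.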

References:

Vendor URL: http://www.xmbforum.com/
Secunia Advisory ID: 11230
Related OSVDB ID: 14983
Related OSVDB ID: 14984
Related OSVDB ID: 14982
Related OSVDB ID: 14985
Related OSVDB ID: 14991
Related OSVDB ID: 4643
Related OSVDB ID: 14986
Related OSVDB ID: 14987
Related OSVDB ID: 14989
Related OSVDB ID: 14990
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html
Keyword: waraxe-2004-SA#012
CVE-2004-1862