MaxWebPortal post.asp Multiple Parameter XSS

2005-05-11T05:14:07
ID OSVDB:16501
Type osvdb
Reporter Zinho(zinho@hackerscenter.com)
Modified 2005-05-11T05:14:07

Description

Vulnerability Description

MaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mod', 'M', 'type' or 'Forum_Title' variables upon submission to the post.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

MaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mod', 'M', 'type' or 'Forum_Title' variables upon submission to the post.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

/post.asp?method=Topic&FORUM_ID=1&CAT_ID=1&Forum_Title=%00General+Chat&mod="><plaintext> /post.asp?method=Topic&FORUM_ID=1&CAT_ID=1&Forum_Title=%00General+Chat&M="><plaintext> /post.asp?method=Topic&FORUM_ID=1&CAT_ID=1&Forum_Title=%00General+Chat&type="><plaintext> /post.asp?method=Topic&FORUM_ID=1&CAT_ID=1&Forum_Title=http://<plaintext>

References:

Vendor URL: http://www.maxwebportal.com/ Related OSVDB ID: 16502 Related OSVDB ID: 16504 Related OSVDB ID: 16505 Related OSVDB ID: 16503 Related OSVDB ID: 16506 Other Advisory URL: http://www.hackerscenter.com/archive/view.asp?id=2542 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0122.html ISS X-Force ID: 20560 CVE-2005-1561 Bugtraq ID: 13601