Ublog Reload trackback.asp btitle Variable XSS

2005-06-19T06:55:44
ID OSVDB:17387
Type osvdb
Reporter Dedi Dwianto(the_day@echo.or.id)
Modified 2005-06-19T06:55:44

Description

Vulnerability Description

Ublog Reload contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'btitle' variable upon submission to the 'trackback.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Uapplication has released a patch to address this vulnerability.

Short Description

Ublog Reload contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'btitle' variable upon submission to the 'trackback.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/UblogReload/trackback.asp?bi=343&btitle=<script>alert('document.cookie')</script>&mode=view

References:

Vendor URL: http://www.uapplication.com/ Vendor Specific Solution URL: http://www.uapplication.com/news_details.asp?id=8 Security Tracker: 1014245 Secunia Advisory ID:15747 Related OSVDB ID: 17385 Related OSVDB ID: 17386 Other Advisory URL: http://echo.or.id/adv/adv18-theday-2005.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0153.html ISS X-Force ID: 21054 CVE-2005-2010 Bugtraq ID: 13994