Hosting Controller error.asp error Variable XSS

2005-06-28T04:37:12
ID OSVDB:17612
Type osvdb
Reporter ActionSpider (actionspider@securityfocus.com)
Modified 2005-06-28T04:37:12

Description

Vulnerability Description

Hosting Controller contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'error' variable upon submission to the 'error.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/admin/hosting/error.asp?error=%3Cscript%3Ealert(document.cookie)%3C/script%3E
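
For detection, requests of this shape can be picked out of web server access logs. The following is an added example, not part of the original advisory: it flags requests to error.asp whose 'error' value decodes to markup, including a double-encoded form of the same probe. The log format, sample lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in common log format; not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Jun/2005:04:40:01 +0000] "GET /admin/hosting/error.asp?error=Invalid+login HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/Jun/2005:04:41:13 +0000] "GET /admin/hosting/error.asp?error=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 540',
    '203.0.113.10 - - [28/Jun/2005:04:41:20 +0000] "GET /Admin/Hosting/Error.asp?Error=%253Cscript%253Ealert(document.cookie)%253C/script%253E HTTP/1.1" 200 540',
    '198.51.100.7 - - [28/Jun/2005:04:42:02 +0000] "GET /admin/hosting/default.asp?error=%3Cb%3E HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>]')  # an error message has no reason to carry tags


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_probes(lines):
    """Return (client_ip, decoded_value) for error.asp hits carrying markup."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        # IIS paths and ASP query names are case-insensitive.
        if not url.path.lower().endswith('/error.asp'):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != 'error':
                continue
            for raw in values:
                decoded = fully_decode(raw)
                if MARKUP_RE.search(decoded):
                    hits.append((client, decoded))
    return hits


if __name__ == '__main__':
    for client, value in find_probes(SAMPLE_LOG):
        print(client, repr(value))
```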

References:

Vendor URL: http://www.hostingcontroller.com/english/index.html
Secunia Advisory ID: 15847
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0211.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0238.html
ISS X-Force ID: 21207
CVE-2005-2077
Bugtraq ID: 14080