Interspire ArticleLive 2005 Registration Username Field XSS

2005-07-07T05:20:50
ID OSVDB:17780
Type osvdb
Reporter Critical Security
Modified 2005-07-07T05:20:50

Description

Vulnerability Description

ArticleLive 2005 contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'Username' variable upon submission to the '/authors/register/do' registration script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

This vulnerability requires the magic_quotes_gpc PHP option to be set to 'off'.

Solution Description

Upgrade to version 2005.04 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

Enter either <script>alert('hi')</script> or <script>alert(/hi/)</script> as the username on the registration page, fill in the other required fields, and submit the form.
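The two test strings above can also serve as a regression check for a fix. The following is an added example, not ArticleLive source and not part of the original advisory: it validates a submitted username against an allow-list and HTML-encodes it when the form is re-displayed. The function names, the username policy and the form markup are assumptions.

```php
<?php
// Added example: hypothetical handler code, not ArticleLive source.
// Note: magic_quotes_gpc (removed in PHP 5.4) only backslash-escaped quotes;
// it never HTML-encoded anything, so it is no substitute for the steps below.

// Assumed policy: 3-32 characters from letters, digits, underscore, dot, hyphen.
const USERNAME_PATTERN = '/\A[A-Za-z0-9_.-]{3,32}\z/';

// Input validation on submission: reject anything outside the allow-list.
function is_valid_username(string $username): bool
{
    return preg_match(USERNAME_PATTERN, $username) === 1;
}

// Output encoding: applied every time the value is written into HTML,
// including when the form is re-displayed after a validation error.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Re-render the username input as a registration form would after a failed submit.
function render_username_field(string $username): string
{
    return '<input type="text" name="Username" value="' . html_escape($username) . '">';
}

// The two strings from the manual testing notes, plus one ordinary name (constructed).
$samples = [
    "<script>alert('hi')</script>",
    "<script>alert(/hi/)</script>",
    'jane.doe',
];

foreach ($samples as $sample) {
    $field = render_username_field($sample);
    // Regression check: no raw script tag may survive encoding.
    $inert = strpos($field, '<script') === false;
    printf(
        "%-32s valid=%s inert=%s\n  %s\n",
        $sample,
        is_valid_username($sample) ? 'yes' : 'no',
        $inert ? 'yes' : 'no',
        $field
    );
}
```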

References:

Vendor URL: http://www.interspire.com/articlelive/
Vendor Specific News/Changelog Entry: http://www.interspire.com/blogs/
Secunia Advisory ID: 15971
Other Advisory URL: http://critical.lt/?loc=articles&id=10
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0307.html