Website Generator banner_library.php theme Variable XSS

2005-07-18T06:14:54
ID OSVDB:18162
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-07-18T06:14:54

Description

Vulnerability Description

Website Generator contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'theme' variable when it is submitted to the banner_library.php script. This could allow an attacker to craft a URL that, when opened by a victim, executes arbitrary script code in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
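To illustrate the class of flaw described above, here is an added example (not Website Generator's own code; the function names, the theme list and the markup are hypothetical) showing an unescaped reflection of a theme parameter beside a hardened version that allow-lists the theme name and HTML-encodes the output.

```php
<?php
// Added illustration, not Website Generator's own code. The function names,
// the $allowed theme list and the markup below are hypothetical.

// Vulnerable pattern: the request parameter is placed into an attribute value
// without validation or encoding, so a value containing "> closes the
// attribute and the remainder of the value is rendered as markup.
function render_theme_link_unsafe(array $get): string
{
    $theme = $get['theme'] ?? 'default';
    return '<link rel="stylesheet" href="themes/' . $theme . '/style.css">';
}

// Hardened pattern: accept only theme names from a fixed allow-list and
// HTML-encode the value on output as defence in depth.
function render_theme_link_safe(array $get, array $allowed = ['default', 'blue', 'dark']): string
{
    $theme = $get['theme'] ?? 'default';
    if (!in_array($theme, $allowed, true)) {
        $theme = 'default'; // unknown value: fall back, never reflect it
    }
    $encoded = htmlspecialchars($theme, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<link rel="stylesheet" href="themes/' . $encoded . '/style.css">';
}

// Constructed request shaped like the advisory's manual test URL.
$request = ['theme' => '"><body><script>alert(document.cookie)</script>'];

echo render_theme_link_unsafe($request), PHP_EOL; // attribute broken out of, script element emitted
echo render_theme_link_safe($request), PHP_EOL;   // falls back to "default", nothing reflected
```

The allow-list is the primary control; the encoding step protects any code path that later reflects a theme name into a different HTML context.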

Manual Testing Notes

http://[target]/[path]/spaw/dialogs/banner_library.php?theme="><body><script>alert(document.cookie)</script>

References:

Vendor URL: http://www.freehostshop.com/files/index.php?id=1
Security Tracker: 1014535
Related OSVDB IDs: 18155, 18156, 18157, 18158, 18159, 18160, 18161, 18163