GForge qrs.php Multiple Variable XSS

2005-07-28T06:26:51
ID OSVDB:18303
Type osvdb
Reporter Joxean Koret(joxeankoret@yahoo.es)
Modified 2005-07-28T06:26:51

Description

Vulnerability Description

GForge contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the "group_id", "rows", "cols" and "wrap" variables submitted to the "qrs.php" script. An attacker could create a specially crafted URL that executes arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]//frs/admin/qrs.php?group_id="><script>alert(document.cookie)</script>
http://[target]/notepad.php?form=parent;%0d%0a-->%0d%0a</script><body><h1>hi!</h1></body></html><!--
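
Since no fix is listed, one way to spot requests that abuse these parameters is to check web server access logs against an allowlist. The following is an added example, not code from GForge or from the advisory; the accepted value formats (numeric "group_id", "rows" and "cols", a textarea wrap keyword for "wrap"), the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Assumed legitimate formats for the four parameters the advisory names:
# numeric group_id/rows/cols and a textarea wrap keyword.
ALLOWED = {
    "group_id": re.compile(r"[0-9]{1,10}"),
    "rows": re.compile(r"[0-9]{1,3}"),
    "cols": re.compile(r"[0-9]{1,3}"),
    "wrap": re.compile(r"soft|hard|off|virtual|physical", re.I),
}
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return the qrs.php parameters whose values fail the allowlist."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    # Split by hand: urlsplit() would read a leading "//" as a host name.
    path, _, query = m.group(1).partition("?")
    path = re.sub(r"/+", "/", unquote(path)).lower()
    if not path.endswith("/frs/admin/qrs.php"):
        return []
    # parse_qs percent-decodes the values before they are checked.
    params = parse_qs(query, keep_blank_values=True)
    return sorted(
        name for name, rule in ALLOWED.items()
        if any(not rule.fullmatch(v) for v in params.get(name, []))
    )

# Constructed log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jul/2005:06:26:51 +0000] "GET /frs/admin/qrs.php'
    '?group_id=7&rows=10&cols=60&wrap=soft HTTP/1.1" 200 5120',
    '192.0.2.11 - - [28/Jul/2005:06:27:02 +0000] "GET //frs/admin/qrs.php'
    '?group_id=%22%3E%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 5133',
    '192.0.2.12 - - [28/Jul/2005:06:27:09 +0000] "GET /frs/admin/qrs.php'
    '?group_id=7&cols=60%22%3E HTTP/1.1" 200 5127',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hits = suspicious_params(line)
        if hits:
            print("review:", ",".join(hits), "<-", line)
```

Only query-string values are visible in an access log, so parameters sent in a POST body are not covered by this check.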

References:

Vendor URL: http://gforge.org/
Secunia Advisory ID: 20622
Secunia Advisory ID: 16253
Related OSVDB ID: 18300
Related OSVDB ID: 18301
Related OSVDB ID: 18299
Related OSVDB ID: 18302
Related OSVDB ID: 18304
Other Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00180.html
Nessus Plugin ID: 19314
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0498.html
CVE-2005-2430
Bugtraq ID: 14405