Easy PX 41 CMS Multiple Script Variable Injection

2005-07-29T09:16:17
ID OSVDB:18334
Type osvdb
Reporter FalconDeOro(falcondeoro@gmail.com)
Modified 2005-07-29T09:16:17

Description

Vulnerability Description

Easy PX 41 CMS contains a flaw that may allow an attacker to inject or manipulate variables in various scripts. This flaw exists because the application does not validate many variables in various scripts. This could allow a user to create a specially crafted URL that would give access to webpage contents without the need to authenticate or to execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity and confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Easy PX 41 CMS contains a flaw that may allow an attacker to inject or manipulate variables in various scripts. This flaw exists because the application does not validate many variables in various scripts. This could allow a user to create a specially crafted URL that would give access to webpage contents without the need to authenticate or to execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity and confidentiality.

Manual Testing Notes

http://[victim]/index.php?pg=&L=[variable-injection]&H=[variable-injection] http://[victim]/index.php?pg=[change-url]&pgtype=iframe&L=500&H=500 http://[victim]/index.php?pg=http://google.fr&pgtype=iframe&L=500&H=500 http://[victim]/index.php?pg=modules/forum/viewtopic.php&Forum=Forum%20de%20démonstration.&msg=1103495330.dat&pgfull[variable-injection] http://[victim]/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]&pgfull[variable-injection] http://[victim]/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection] http://[victim]/index.php?pg=modules/forum/viewtopic.php&Forum=[change-or-variable-injection].&msg=1103495330.dat&pgfull

References:

Vendor URL: http://www.easypx41.be/ Secunia Advisory ID:16264 Related OSVDB ID: 18336 Related OSVDB ID: 18335 Related OSVDB ID: 18333 Other Advisory URL: http://falcondeoro.blogspot.com/2005/07/xss-flaws-and-data-disclosure-in.html