FlexPHPNews catalog.php Multiple Variable XSS

2005-07-24T05:40:24
ID OSVDB:18489
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-07-24T05:40:24

Description

Vulnerability Description

FlexPHPNews contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'front_searchsubmit', 'front_latestnews' and 'catalogid' variables upon submission to the 'catalog.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/[path]/catalog.php?front_searchsubmit="><script>alert(document.cookie)</script>
http://[target]/[path]/catalog.php?front_latestnews="><script>alert(document.cookie)</script>
http://[target]/[path]/catalog.php?catalogid="><script>alert(document.cookie)</script>
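
Since no patch is listed, one detection approach is to review web server access logs for requests to catalog.php in which any of the three named parameters carries HTML markup. The Python below is an added example, not part of the original advisory or of FlexPHPNews; the combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters the advisory names as unvalidated in catalog.php.
PARAMS = {"front_searchsubmit", "front_latestnews", "catalogid"}
# Characters needed to close an HTML attribute and open a tag.
MARKUP = re.compile(r'[<>"]')
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from any real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /news/catalog.php?catalogid=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /news/catalog.php?catalogid=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /news/catalog.php?front_latestnews=%2522%253E%253Cb%253E&x=1 HTTP/1.1" 200 5290',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /news/index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return sorted advisory parameter names whose decoded value contains markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/catalog.php"):
        return []
    hits = set()
    # parse_qsl already decodes once; fully_decode handles further layers.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in PARAMS and MARKUP.search(fully_decode(value)):
            hits.add(name)
    return sorted(hits)


def scan(lines):
    """Return (line_number, parameter_names) for every flagged log line."""
    return [(i, p) for i, line in enumerate(lines, 1) if (p := suspicious_params(line))]
```

A hit shows only that markup was submitted in one of these parameters, not that a victim's browser executed it.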

References:

Vendor URL: http://www.china-on-site.com/flexphpnews/
Secunia Advisory ID: 16300
Related OSVDB ID: 18492
Related OSVDB ID: 18486
Related OSVDB ID: 18490
Related OSVDB ID: 18491
Related OSVDB ID: 18487
Related OSVDB ID: 18488
Other Advisory URL: http://rgod.altervista.org/flex.html
ISS X-Force ID: 21641