Gravity Board X deletethread.php board_id Variable XSS

2005-08-07T08:55:27
ID OSVDB:18627
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-08-07T08:55:27

Description

Vulnerability Description

Gravity Board X contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'board_id' variable upon submission to the 'deletethread.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
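
With no fix available, reviewing web server logs for non-numeric 'board_id' values sent to 'deletethread.php' is one way to spot attempts. The following is an added example, not part of the advisory or of Gravity Board X; it assumes a legitimate 'board_id' is a short decimal identifier and that logs use the combined format, and the log lines and the /gbx/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, hypothetical /gbx/ install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Aug/2005:08:40:01 +0000] "GET /gbx/deletethread.php?board_id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [07/Aug/2005:08:41:12 +0000] "GET /gbx/deletethread.php?board_id=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 540 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [07/Aug/2005:08:42:30 +0000] "GET /gbx/index.php?board_id=%3Cb%3E HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [07/Aug/2005:08:43:02 +0000] "GET /gbx/deletethread.php?board_id= HTTP/1.1" 200 500 "-" "Mozilla/5.0"',
]


def suspicious_board_id(log_line):
    """Return the decoded board_id when the line is a deletethread.php request
    whose board_id is not a plain decimal number; otherwise return None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/deletethread.php"):
        return None
    # parse_qs percent-decodes values; keep_blank_values keeps "board_id=" visible.
    params = parse_qs(target.query, keep_blank_values=True)
    for value in params.get("board_id", []):
        # Assumption: a legitimate board_id is 1 to 10 decimal digits.
        if not re.fullmatch(r"[0-9]{1,10}", value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_board_id(line)
        if value is not None:
            hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected board_id {value!r}")
```

The same allow-list test (digits only) is what a request filter in front of the application would enforce, since it rejects the markup characters the injection depends on.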

Manual Testing Notes

http://[target]/[path]/deletethread.php?board_id="><script>alert(document.cookie)</script>

References:

Vendor URL: http://www.gravityboardx.com/
Security Tracker: 1014631
Secunia Advisory ID: 16342
Related OSVDB ID: 18625
Related OSVDB ID: 18626
Related OSVDB ID: 18628
Related OSVDB ID: 18632
Related OSVDB ID: 18629
Related OSVDB ID: 18631
Related OSVDB ID: 18633
Related OSVDB ID: 18630
Related OSVDB ID: 18634
Related OSVDB ID: 18635
Other Advisory URL: http://www.rgod.altervista.org/gravity.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0100.html
CVE-2005-2563
Bugtraq ID: 14497