VegaDNS index.php message Variable XSS

2005-08-05T00:00:00
ID OSVDB:18657
Type osvdb
Reporter dyn0(codeslag@gmail.com)
Modified 2005-08-05T00:00:00

Description

Vulnerability Description

VegaDNS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

VegaDNS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

/index.php?VDNS_Sessid=[sessid]&message=[some error msg]<iframe src="http://[attacker]">

References:

Secunia Advisory ID:16370 Related OSVDB ID: 18658 Related OSVDB ID: 18656 Other Advisory URL: http://packetstorm.linuxsecurity.com/0508-exploits/vegadns-dyn0.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0193.html CVE-2006-1757 CVE-2005-2610 Bugtraq ID: 17433