Mac OS X Server Weblog Server Multiple Variable XSS

2005-08-15T07:10:08
ID OSVDB:18793
Type osvdb
Reporter Donnie Werner(morning_wood@exploitlabs.com)
Modified 2005-08-15T07:10:08

Description

Vulnerability Description

Mac OS X contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate author and commentText variables upon submission to the Weblog script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate author and commentText variables upon submission to the Weblog script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]:16080/weblog/[bloguser]/?permalink=[blogentry]&comment=y&page=comments&c ategory=%2F&author=[script]&authorEmail=&authorURL=&commentText=&submit=Submit+Comment

http://[victim]:16080/weblog/[bloguser]/?permalink=[blogentry]&comment=y&page=comments&c ategory=%2F&author=&authorEmail=&authorURL=&commentText=[script]&submit=Submit+Comment

References:

Vendor Specific Advisory URL Security Tracker: 1014694 Secunia Advisory ID:16449 Mail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=112414785208663&w=2 Generic Informational URL: http://news.com.com/Apple+unloads+dozens+of+fixes+for+OS+X/2100-1002_3-5834873.html CVE-2005-2523