Land Down Under (LDU) journal.php w Variable XSS

2005-08-20T22:09:23
ID OSVDB:19295
Type osvdb
Reporter bl2k(bl2k@shabgard.org)
Modified 2005-08-20T22:09:23

Description

Vulnerability Description

Land Down Under (LDU) contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'w' variable upon submission to the 'journal.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

The vendor has disputed this issue saying "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected." Subsequent posts to security mailing lists, together with the lack of follow-up or technical details, suggest Land Down Under may be prone to XSS or SQL injection attacks.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Land Down Under (LDU) contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'w' variable upon submission to the 'journal.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

/ldu/journal.php?m=home&s=username&w='><script>alert('test');</script>
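The '> prefix of the test string above indicates that 'w' is reflected inside a single-quoted HTML attribute. The following is an added illustration, not code from Land Down Under: it shows a raw reflection of the parameter, a common but insufficient fix, and a hardened version that encodes for the attribute context and restricts the value to an assumed expected shape (the attribute markup and the alphanumeric allow-list are assumptions, not taken from LDU).

```php
<?php
// Added illustration, not Land Down Under code. Assumes 'w' from journal.php
// lands inside a single-quoted attribute, as the "'>" prefix of the probe suggests.

// Vulnerable pattern: the request parameter is reflected without encoding.
function render_vulnerable(string $w): string
{
    return "<input type='hidden' name='w' value='" . $w . "'>";
}

// Insufficient fix: ENT_COMPAT (the default before PHP 8.1) encodes < > & and
// double quotes but leaves the single quote alone, so the single-quoted
// attribute can still be closed and extra attributes appended after it.
function render_partial(string $w): string
{
    $enc = htmlspecialchars($w, ENT_COMPAT, 'UTF-8');
    return "<input type='hidden' name='w' value='" . $enc . "'>";
}

// Hardened: encode both quote styles for the attribute context, and restrict
// 'w' to the shape the application expects (assumed here: a short token).
function render_hardened(string $w): string
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $w)) {
        $w = ''; // anything outside the expected shape is dropped, not echoed
    }
    $enc = htmlspecialchars($w, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<input type='hidden' name='w' value='" . $enc . "'>";
}

// Constructed input mirroring the advisory's manual testing string.
$probe = "'><script>alert('test');</script>";

echo render_vulnerable($probe), PHP_EOL; // attribute closed, script element injected
echo render_partial($probe), PHP_EOL;    // script tag encoded, but the quote still ends the attribute
echo render_hardened($probe), PHP_EOL;   // rejected by the allow-list, markup stays intact
```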

References:

Vendor URL: http://www.neocrome.net/
Security Tracker: 1014747
Related OSVDB ID: 19296
Related OSVDB ID: 19297
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0277.html
CVE-2005-2674
Bugtraq ID: 14619