CJ Tag Board details.php Multiple Variable XSS

2005-09-08T06:49:18
ID OSVDB:19494
Type osvdb
Reporter Psymera(psymera@hotmail.com)
Modified 2005-09-08T06:49:18

Description

Vulnerability Description

CJTagBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'date', 'time', 'name', 'ip' and 'agent' variables upon submission to the 'details.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 3.0 (2006-07-18) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed in the July 18, 2006 release without a change in version number. An upgrade is required as there are no known workarounds.

Short Description

CJTagBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'date', 'time', 'name', 'ip' and 'agent' variables upon submission to the 'details.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/[folder]/details.php?date=<h1>DEFACED</h1><script>alert(document.cookie);</script> http://[target]/[folder]/details.php?time=<h1>DEFACED</h1><script>alert(document.cookie);</script> http://[target]/[folder]/details.php?name=<h1>DEFACED</h1><script>alert(document.cookie);</script> http://[target]/[folder]/details.php?ip=<h1>DEFACED</h1><script>alert(document.cookie);</script> http://[target]/[folder]/details.php?agent=<h1>DEFACED</h1><script>alert(document.cookie);</script>

References:

Vendor URL: http://www.cj-design.com/ Secunia Advisory ID:16966 Related OSVDB ID: 19495 Related OSVDB ID: 19496 Related OSVDB ID: 19497 Related OSVDB ID: 19498 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0105.html ISS X-Force ID: 22424 CVE-2005-2899