CjWeb2Mail thankyou.php Multiple Variable XSS

2005-09-08T06:49:18
ID OSVDB:19497
Type osvdb
Reporter Psymera(psymera@hotmail.com)
Modified 2005-09-08T06:49:18

Description

Vulnerability Description

CJWeb2Mail contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'name', 'message' and 'ip' variables upon submission to the 'thankyou.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
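
The reflected-output pattern described above, next to a hardened form, as an added example that is not CJWeb2Mail's own code. Only the parameter names (sent, name, message, show_ip, ip) come from this entry; the page layout and the function names h(), render_unsafe() and render_safe() are assumptions.

```php
<?php
// Added illustration; not CJWeb2Mail source. The markup and helper names
// are hypothetical; only the parameter names come from the advisory.

/** Encode a request value for an HTML text or quoted-attribute context. */
function h($value): string
{
    // Arrays (e.g. ?name[]=x) are rejected instead of being cast to "Array".
    if (!is_string($value)) {
        return '';
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: request data is echoed into the page unmodified. */
function render_unsafe(array $q): string
{
    return '<p>Thank you, ' . ($q['name'] ?? '') . '</p>';
}

/** Hardened pattern: encode at output, and never trust a client-supplied IP. */
function render_safe(array $q, string $remoteAddr): string
{
    $html = '<p>Thank you, ' . h($q['name'] ?? '') . '</p>';
    if (($q['sent'] ?? '') === '1') {
        // Encode first, then convert newlines, so only <br> is emitted as markup.
        $html .= '<p>Your message: ' . nl2br(h($q['message'] ?? '')) . '</p>';
    }
    if (($q['show_ip'] ?? '') === 'yes') {
        // Take the address from the server, not from the 'ip' parameter.
        $ip = filter_var($remoteAddr, FILTER_VALIDATE_IP) ?: 'unknown';
        $html .= '<p>Your IP: ' . h($ip) . '</p>';
    }
    return $html;
}

// Constructed sample input carrying markup in every reflected field.
$q = ['sent' => '1', 'show_ip' => 'yes',
      'name' => '<b>x</b>', 'message' => "line1\n<i>y</i>", 'ip' => '<u>z</u>'];

echo render_unsafe($q), "\n";             // markup reaches the page intact
echo render_safe($q, '192.0.2.10'), "\n"; // markup is rendered as inert text
```

In a real deployment the second argument would be `$_SERVER['REMOTE_ADDR']`, and a Content-Security-Policy header adds a second layer if an encoding call is ever missed.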

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/[folder]/thankyou.php?name=<h1>Defaced</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/thankyou.php?sent=1&name=<h1>Defaced</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/thankyou.php?sent=1&message=<h1>Defaced</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/thankyou.php?sent=1&show_ip=yes&ip=<h1>deface</h1><script>alert(document.cookie);</script>

References:

Vendor URL: http://www.cj-design.com/
Secunia Advisory ID: 16963
Related OSVDB ID: 19495
Related OSVDB ID: 19496
Related OSVDB ID: 19494
Related OSVDB ID: 19498
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0105.html
ISS X-Force ID: 22423
CVE-2005-2901