Chipmunk Forum newtopic.php forumID Variable XSS

2005-10-20T14:41:06
ID OSVDB:20164
Type osvdb
Reporter trueend5(trueend5@kapda.ir)
Modified 2005-10-20T14:41:06

Description

Vulnerability Description

Chipmunk Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'forumID' variable upon submission to the 'newtopic.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Chipmunk Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'forumID' variable upon submission to the 'newtopic.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/board/newtopic.php?forumID='%3C/a>%3CIFRAME%20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E

References:

Secunia Advisory ID:17239 Related OSVDB ID: 20165 Related OSVDB ID: 20169 Related OSVDB ID: 20170 Related OSVDB ID: 20168 Related OSVDB ID: 20167 Related OSVDB ID: 20166 Other Advisory URL: http://irannetjob.com/content/view/148/28/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0230.html CVE-2005-3514 Bugtraq ID: 15149