Snitz Forums 2000 post.asp type variable XSS

2005-10-29T06:23:18
ID OSVDB:20421
Type osvdb
Reporter tHeCrEw(h4xorCrew@gmail.com)
Modified 2005-10-29T06:23:18

Description

Vulnerability Description

Snitz Forums 2000 contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'type' variable upon submission to the 'post.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Michael Anderson has released a patch to address this vulnerability.

Manual Testing Notes

http://[target]/post.asp?method=Topic&FORUM_ID=1&CAT_ID=1&Forum_Title=General+chat&type="><script>alert(12345)</script>
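To check whether requests of this shape have reached a server, the following sketch flags post.asp requests whose 'type' parameter falls outside an allow-list. It is an example added here, not code from the advisory or from Snitz. The allow-list pattern, the function names and the sample request targets are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Assumption: legitimate 'type' values are short alphanumeric tokens.
# Adjust the allow-list to the values your Snitz installation really uses.
SAFE_TYPE = re.compile(r"[A-Za-z0-9_-]{0,32}")


def suspicious_type_values(request_target):
    """Return decoded 'type' values of a post.asp request that fail the allow-list."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/post.asp"):
        return []
    flagged = []
    params = parse_qs(parts.query, keep_blank_values=True)
    for name, values in params.items():
        # Classic ASP treats query-string keys case-insensitively.
        if name.lower() != "type":
            continue
        for value in values:
            # parse_qs decoded once; decode again to expose double encoding.
            decoded = unquote_plus(value)
            if not SAFE_TYPE.fullmatch(decoded):
                flagged.append(decoded)
    return flagged


def scan(request_targets):
    """Map each flagged request target to its offending 'type' values."""
    hits = {}
    for target in request_targets:
        bad = suspicious_type_values(target)
        if bad:
            hits[target] = bad
    return hits


# Constructed sample request targets, as they would appear in a web server log.
SAMPLE_TARGETS = [
    "/forum/post.asp?method=Topic&FORUM_ID=1&CAT_ID=1&type=0",
    "/forum/post.asp?method=Topic&FORUM_ID=1&CAT_ID=1&Forum_Title=General+chat"
    "&type=%22%3E%3Cscript%3Ealert(12345)%3C/script%3E",
    "/forum/post.asp?method=Topic&FORUM_ID=1&TYPE=%2522%253E%253Cb%253E",
    "/forum/topic.asp?TOPIC_ID=60011",
]

if __name__ == "__main__":
    for target, values in scan(SAMPLE_TARGETS).items():
        print(target, "->", values)
```

The same allow-list test, applied server-side before 'type' is written into the page, is the validation the description says is missing.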

References:

Vendor URL: http://forum.snitz.com/
Vendor Specific News/Changelog Entry: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60011
Secunia Advisory ID: 17385
FrSIRT Advisory: ADV-2005-2261
CVE-2005-3411
Bugtraq ID: 15241