Limbo CMS index.php _SERVER[REMOTE_ADDR] Variable XSS

2005-12-14T15:03:21
ID OSVDB:21754
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-12-14T15:03:21

Description

Vulnerability Description

Limbo CMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the '_SERVER[REMOTE_ADDR]' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/[path]/?_SERVER[]=&_SERVER[REMOTE_ADDR]=<script>alert(document.cookie)</script>
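With no vendor fix listed, one thing a defender can do is look for requests of the shape shown above in web server logs. The following is an added example, not part of the OSVDB entry or of Limbo CMS: it flags query parameters whose name would shadow a PHP superglobal, generalising from '_SERVER[REMOTE_ADDR]' to the other superglobal names. The combined log format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# PHP superglobal names; a request parameter should never carry one of these.
SUPERGLOBALS = ("_SERVER", "_GET", "_POST", "_COOKIE", "_FILES", "_ENV",
                "_REQUEST", "_SESSION", "GLOBALS")
NAME_RE = re.compile(r"^(?:%s)(?:\[|$)" % "|".join(SUPERGLOBALS))
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def php_name(raw):
    """Normalise a parameter name the way PHP does: leading spaces dropped,
    dots and spaces before the first '[' turned into underscores."""
    base, bracket, rest = raw.lstrip(" ").partition("[")
    return base.replace(".", "_").replace(" ", "_") + bracket + rest

def superglobal_params(target):
    """Return the sorted, normalised query parameter names in a request
    target that would shadow a PHP superglobal."""
    query = target.partition("?")[2]
    # parse_qsl percent-decodes names once, as PHP does.
    names = {php_name(n) for n, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(n for n in names if NAME_RE.match(n))

def scan(lines):
    """Return (client address, offending names) for each suspicious log line."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        names = superglobal_params(match.group(1))
        if names:
            findings.append((line.split(" ", 1)[0], names))
    return findings

# Constructed sample lines: documentation addresses, placeholder value "x".
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Dec/2005:15:03:21 +0000] "GET /limbo/index.php?option=frontpage HTTP/1.1" 200 5120',
    '192.0.2.77 - - [14/Dec/2005:15:04:02 +0000] "GET /limbo/?_SERVER[]=&_SERVER[REMOTE_ADDR]=x HTTP/1.1" 200 5177',
    '192.0.2.78 - - [14/Dec/2005:15:04:09 +0000] "GET /limbo/index.php?%5FSERVER%5BREMOTE_ADDR%5D=x HTTP/1.1" 200 5177',
    '192.0.2.79 - - [14/Dec/2005:15:04:15 +0000] "GET /limbo/index.php?.SERVER[REMOTE_ADDR]=x HTTP/1.1" 200 5177',
]

if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG):
        print(client, names)
```

Only the query string is inspected; parameters sent in a POST body do not appear in a standard access log and need inspection at a proxy or application filter.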

References:

Vendor URL: http://www.limbo-cms.com/
Security Tracker: 1015364
Secunia Advisory ID: 18063
Related OSVDB ID: 21753
Related OSVDB ID: 21756
Related OSVDB ID: 21755
Related OSVDB ID: 21757
Related OSVDB ID: 21758
Related OSVDB ID: 21759
Other Advisory URL: http://rgod.altervista.org/limbo1042_xpl.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0143.html
FrSIRT Advisory: ADV-2005-2932
CVE-2005-4317
Bugtraq ID: 15871