Slashcode submit.pl filter Variable XSS

2004-12-20T20:21:40
ID OSVDB:21875
Type osvdb
Reporter Michael Krax
Modified 2004-12-20T20:21:40

Description

Vulnerability Description

Slashcode contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'filter' variable submitted to the 'submit.pl' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to Slash CVS version R_2_5_0_41 and release version 2.2.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/submit.pl?op=list&filter="%3e%3cscript%3ealert("hello")%3c/script%3e
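A defender-side check for this request shape in web server access logs, as an added example that is not part of the original advisory or of Slashcode. It assumes Common/Combined Log Format; the log lines are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a Common/Combined Log Format entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of an attribute or tag.
MARKUP_RE = re.compile('[<>"\']')

# Constructed sample log lines (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Dec/2004:20:21:40 +0000] "GET /submit.pl?op=list&filter=%22%3e%3cb%3ex%3c/b%3e HTTP/1.1" 200 5120',
    '192.0.2.11 - - [20/Dec/2004:20:22:01 +0000] "GET /submit.pl?op=list&filter=linux HTTP/1.1" 200 4800',
    '192.0.2.12 - - [20/Dec/2004:20:22:09 +0000] "GET /article.pl?sid=1&filter=%3cb%3e HTTP/1.1" 200 9000',
    '192.0.2.13 - - [20/Dec/2004:20:23:30 +0000] "GET /submit.pl?filter=%253ci%253e HTTP/1.0" 200 5120',
]


def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253c), bounded to avoid loops."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_filter(log_line):
    """Return the decoded 'filter' value of a submit.pl request if it
    contains HTML metacharacters, otherwise None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    try:
        parts = urlsplit(m.group(1))
    except ValueError:  # malformed request target
        return None
    if not parts.path.endswith("/submit.pl"):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "filter":
            value = decode_fully(value)
            if MARKUP_RE.search(value):
                return value
    return None


def scan(lines):
    """Return (client address, decoded filter value) for each flagged line."""
    return [(l.split()[0], hit) for l in lines if (hit := suspicious_filter(l)) is not None]
```

Only parameters in the query string are visible to this check; values sent in a POST body do not appear in standard access logs.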

References:

Vendor Specific News/Changelog Entry: http://www.slashcode.com/article.pl?sid=04/12/15/1540200&tid=11&tid=5&tid=4
Vendor Specific News/Changelog Entry: http://www.slashcode.com/slash/04/12/20/1946225.shtml?tid=11&tid=5&tid=4
Secunia Advisory ID: 13491
Related OSVDB ID: 21874
ISS X-Force ID: 18508
CVE-2004-2656
Bugtraq ID: 11993