FatWire UpdateEngine Multiple Variable XSS

2005-12-23T09:03:28
ID OSVDB:21936
Type osvdb
Reporter r0t(krustevs@googlemail.com)
Modified 2005-12-23T09:03:28

Description

Vulnerability Description

FatWire UpdateEngine contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'FUELAP_TEMPLATENAME', 'EMAIL' and 'COUNTRYNAME' variables upon submission to the 'UpdateEngine' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

FatWire UpdateEngine contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'FUELAP_TEMPLATENAME', 'EMAIL' and 'COUNTRYNAME' variables upon submission to the 'UpdateEngine' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&PAGE_ID=FWS%5FPAGE%5F1399202&FUELAP_SITEDBID=SITE%5F%2D66&ACTIVITY_ID=FWS%5FWHITEPAPERS%5F1404733&COUNTRY_ID=INTSITE%5F1167494&CAMPAIGN_ID=SFCAMPAIGN%5F%2D1&COUNTRYNAME=us&SOURCEPAGE_ID=FWS%5FPAGE%5F1415379&FUELAP_TEMPLATENAME=[XSS]

/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_TEMPLATENAME=fws%FforgotpasswordForm&SOURCEPAGE_ID=FWS%5FPAGE%5F1150486&PAGE_ID=FWS%5FPAGE%5F1402412&EMAIL=[XSS]&CAMPAIGN_ID=SFCAMPAIGN%5F%2D1&COUNTRY_ID=INTSITE%5F1167494&ERROR=error&ACTIVITY_ID=FWS%5FWHITEPAPERS%5F1300483&COUNTRYNAME=us&FUELAP_SITEDBID=SITE%5F%2D66&

/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_TEMPLATENAME=fws%5FforgotpasswordForm&SOURCEPAGE_ID=FWS%5FPAGE%5F1150486&PAGE_ID=FWS%5FPAGE%5F1402412&EMAIL=&CAMPAIGN_ID=SFCAMPAIGN%5F%2D1&COUNTRY_ID=INTSITE%5F1167494&ERROR=error&ACTIVITY_ID=FWS%5FWHITEPAPERS%5F1300483&COUNTRYNAME=[XSS]

/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_TEMPLATENAME=[XSS]

References:

Vendor URL: http://www.fatwire.com/ Secunia Advisory ID:18259 Other Advisory URL: http://pridels.blogspot.com/2005/12/fatwire-updateengine-62-multiple-xss.html CVE-2005-4576 Bugtraq ID: 16073