wordcircle index.php Course Name Field XSS

2006-01-12T08:18:22
ID OSVDB:22359
Type osvdb
Reporter Aliaksandr Hartsuyeu (alex@evuln.com)
Modified 2006-01-12T08:18:22

Description

Vulnerability Description

wordcircle contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the content of the 'Course Name' field upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

The attacker needs to be logged in to exploit this vulnerability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/index.php?frm=mine

Course name: [XSS]

References:

Vendor URL: http://www.wordcircle.org/
Secunia Advisory ID: 18440
Related OSVDB ID: 22358
Other Advisory URL: http://www.evuln.com/vulns/28/summary.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0205.html
Keyword: EV0028
ISS X-Force ID: 24106
FrSIRT Advisory: ADV-2006-0185
CVE-2006-0204
Bugtraq ID: 16227