Geeklog Forum Plugin img src HTML Parameter XSS

2003-10-08T08:41:16
ID OSVDB:2253
Type osvdb
Reporter OSVDB
Modified 2003-10-08T08:41:16

Description

Vulnerability Description

Geeklog Forum Plugin contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate HTML parameters such as "img src" upon submission to the application. This could allow a user to send a specially crafted request that would execute arbitrary code on the server leading to a loss of integrity.

The Forum Plugin does not get installed by default during a Geeklog installation. Further, the IMG tag must explicitly be added to the Geeklog configuration file under the allowed HTML tags for this issue to manifest.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

Examples: <img src="javascript:alert()">

<b style="background-image: url(javascript:alert(document))">test</b>
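One way to validate submitted HTML attributes before storing a post, shown as an added example; it is not code from Geeklog or the Forum Plugin. The allow-list contents and the names sanitize, safe_url and Sanitizer are assumptions made for this sketch. It keeps only listed tags and attributes, and keeps a src value only when its scheme is http or https.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list for this example: tag -> attributes allowed to survive.
ALLOWED = {"b": set(), "i": set(), "p": set(), "img": {"src", "alt"}}
URL_ATTRS = {"src"}
SAFE_SCHEMES = {"http", "https"}
VOID_TAGS = {"img"}

def safe_url(value):
    # Browsers ignore whitespace/control characters in a scheme; drop them first.
    cleaned = "".join(c for c in value if c > " ")
    try:
        return urlsplit(cleaned).scheme.lower() in SAFE_SCHEMES
    except ValueError:
        return False

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # tag is dropped; its text is still emitted, escaped
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag]:
                continue  # removes style, on* handlers and anything unlisted
            if name in URL_ATTRS and not safe_url(value or ""):
                continue  # removes javascript: and other non-http(s) URLs
            kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

def sanitize(fragment):
    parser = Sanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)

if __name__ == "__main__":  # the two test strings quoted on this page
    print(sanitize('<img src="javascript:alert()">'))
    print(sanitize('<b style="background-image: url(javascript:alert(document))">test</b>'))
```

Relative URLs are rejected as well, because the check requires an explicit http or https scheme.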

References:

Vendor URL: http://www.portalparts.com/
Secunia Advisory ID: 9966
Related OSVDB ID: 3205
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/0376.html
Bugtraq ID: 8792