e107 class2.php Multiple Parameter XSS

2003-07-14T08:57:17
ID OSVDB:2305
Type osvdb
Reporter OSVDB
Modified 2003-07-14T08:57:17

Description

Vulnerability Description

e107 contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate e107 custom tags upon submission to the class2.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

On pages where the custom tags can be entered (Chatbox, forum posts), the following tags can be manipulated:

[img][/img] - [img]/imgsrc.png' onmouseover='alert("Vulnerable");[/img]
[link][/link] - [link]/link.htm" onmouseover="alert('Vulnerable');[/link]
[email][/email] - [email]/foo@bar.com" onmouseover="alert('Vulnerable');[/email]
[url][/url] - [url]/url.htm" onmouseover="alert('Vulnerable');[/url]
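A hardened rendering of the four tags from the testing notes, as an added example (not e107's code and not taken from the advisory): all input is HTML-encoded first, and a tag is rebuilt as markup only when its body validates. The function names esc, safe_url and render_tags are hypothetical.

```php
<?php
// Added example, not e107 code. Function names are hypothetical.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only http(s) URLs or site-relative paths. Quotes, angle brackets,
// backslashes, whitespace and control characters are rejected outright.
function safe_url(string $u): ?string {
    if (preg_match('/[\s"\'<>\\\\\x00-\x1f]/', $u)) {
        return null;
    }
    return preg_match('#^(https?://|/(?!/))#i', $u) ? $u : null;
}

function render_tags(string $text): string {
    $html = esc($text);   // encode everything first, so untagged text is inert
    return preg_replace_callback(
        '#\[(img|link|url|email)\](.*?)\[/\1\]#is',
        function (array $m): string {
            $tag  = strtolower($m[1]);
            $body = htmlspecialchars_decode($m[2], ENT_QUOTES);
            if ($tag === 'email') {
                $ok = filter_var($body, FILTER_VALIDATE_EMAIL);
                return $ok ? '<a href="mailto:' . esc($body) . '">' . esc($body) . '</a>' : $m[0];
            }
            $url = safe_url($body);
            if ($url === null) {
                return $m[0];   // body failed validation: leave as encoded text
            }
            return $tag === 'img'
                ? '<img src="' . esc($url) . '" alt="">'
                : '<a href="' . esc($url) . '">' . esc($url) . '</a>';
        },
        $html
    ) ?? $html;
}

// Constructed sample inputs; the first two are strings from the testing notes.
foreach ([
    '[img]/imgsrc.png\' onmouseover=\'alert("Vulnerable");[/img]',
    '[url]/url.htm" onmouseover="alert(\'Vulnerable\');[/url]',
    '[img]/images/logo.png[/img]',
] as $s) {
    echo render_tags($s), "\n";
}
```

The first two samples come back as encoded text with no element created; only the third produces an img element.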

References:

Vendor URL: http://e107.org/
Secunia Advisory ID: 9369
Other Advisory URL: http://www.sec-tec.co.uk/vulnerability/e107xss.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-07/0331.html
ISS X-Force ID: 12738
Bugtraq ID: 8279