NOCC no_mail.php html_no_mail Variable XSS

2006-02-23T10:32:35
ID OSVDB:23426
Type osvdb
Reporter retrogod(rgod@austici.org)
Modified 2006-02-23T10:32:35

Description

Vulnerability Description

NOCC contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'html_no_mail' variable upon submission to the 'no_mail.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

NOCC contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'html_no_mail' variable upon submission to the 'no_mail.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/[path]/html/no_mail.php?html_no_mail=<script>alert(document.cookie)</script>

References:

Vendor URL: http://nocc.sourceforge.net/ Security Tracker: 1015671 Secunia Advisory ID:16921 Related OSVDB ID: 23423 Related OSVDB ID: 23424 Related OSVDB ID: 23417 Related OSVDB ID: 23418 Related OSVDB ID: 23420 Related OSVDB ID: 23422 Related OSVDB ID: 23425 Related OSVDB ID: 23427 Related OSVDB ID: 23416 Related OSVDB ID: 23421 Related OSVDB ID: 23419 Other Advisory URL: http://retrogod.altervista.org/noccw_10_incl_xpl.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0418.html CVE-2006-0894 Bugtraq ID: 16793