PhpMyFactures ajouter_produit.php msg Variable XSS

2006-06-10T10:18:58
ID OSVDB:26480
Type osvdb
Reporter DarkFig(gmdarkfig@gmail.com)
Modified 2006-06-10T10:18:58

Description

Vulnerability Description

PhpMyFactures contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the ajouter_produit.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

An attacker must supply valid administrator authentication credentials in order to exploit this vulnerability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

PhpMyFactures contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the ajouter_produit.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[...]/produits/ajouter_produit.php?msg=[XSS]

References:

Vendor URL: http://www.comscripts.com/scripts/php.phpmyfactures.1475.html Secunia Advisory ID:20642 Related OSVDB ID: 26483 Related OSVDB ID: 26478 Related OSVDB ID: 26481 Related OSVDB ID: 26484 Related OSVDB ID: 26467 Related OSVDB ID: 26482 Related OSVDB ID: 26486 Related OSVDB ID: 26477 Related OSVDB ID: 26479 Related OSVDB ID: 26485 Other Advisory URL: http://www.acid-root.new.fr/advisories/phpmyfactures.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0248.html CVE-2006-3089