Pivot blogroll.php Multiple Variable XSS

2006-07-07T03:34:04
ID OSVDB:27127
Type osvdb
Reporter rgod(rgod@autistici.org)
Modified 2006-07-07T03:34:04

Description

Vulnerability Description

Pivot contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'fg', 'line1', 'line2', 'bg', 'c1', 'c2', 'c3', and 'c4' variables upon submission to the blogroll.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).
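The following is an added illustration of the defect class this record describes; it is not Pivot's blogroll.php and not code from the reporter or the vendor. The variable names ($fg, $bg, $line1, $line2, $c1 to $c4) are taken from the advisory, while the page layout, the colour format and the defaults are assumed. The first function shows why the flaw depends on register_globals: the parameters become globals automatically and are reflected unencoded. The second function reads the same parameters explicitly from $_GET, allow-lists colour values and HTML-encodes free text, which closes the issue regardless of the register_globals setting.

```php
<?php
// Added example only; NOT Pivot's blogroll.php. Names follow the advisory,
// everything else (markup, colour format, defaults) is assumed.

// --- Vulnerable pattern (only reachable when register_globals = On) -------
// With register_globals enabled, ?fg=... silently becomes $fg, so an
// unencoded echo reflects attacker-controlled markup into the response.
function render_blogroll_vulnerable(): string
{
    global $fg, $bg, $line1, $line2;   // populated by register_globals
    return "<div style=\"color:$fg;background:$bg\">$line1<br>$line2</div>";
}

// --- Hardened pattern -------------------------------------------------------
// Reads only from $_GET, validates colours against a strict pattern, falls
// back to a safe default, and HTML-encodes every free-text value on output.

function safe_color(string $param, string $default): string
{
    $v = $_GET[$param] ?? $default;
    // Accept only #rgb / #rrggbb hex colours; anything else is discarded.
    return preg_match('/^#[0-9A-Fa-f]{3}(?:[0-9A-Fa-f]{3})?$/', $v) ? $v : $default;
}

function safe_text(string $param, string $default = ''): string
{
    $v = $_GET[$param] ?? $default;
    // Encode <, >, &, " and ' so the value can only render as literal text.
    return htmlspecialchars($v, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_blogroll_hardened(): string
{
    $fg = safe_color('fg', '#000000');
    $bg = safe_color('bg', '#ffffff');
    $colors = [];
    foreach (['c1', 'c2', 'c3', 'c4'] as $p) {
        $colors[$p] = safe_color($p, '#cccccc');
    }
    $line1 = safe_text('line1');
    $line2 = safe_text('line2');

    // Only validated colours reach the style attribute; only encoded text
    // reaches the element body.
    $styles = "color:$fg;background:$bg;border-color:{$colors['c1']}";
    return "<div style=\"$styles\">$line1<br>$line2</div>";
}

echo render_blogroll_hardened();
```

Two design points are worth noting. Turning register_globals off removes the way these variables were populated, but it does not make the echo safe; the durable fix is validating the colour parameters against an allow-list and encoding anything reflected. Context matters too: a value placed inside a style attribute needs a stricter check than HTML encoding alone, which is why colours are pattern-matched rather than merely escaped.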

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Pivot contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'fg', 'line1', 'line2', 'bg', 'c1', 'c2', 'c3', and 'c4' variables upon submission to the blogroll.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/[path]/pivot/includes/blogroll.php?fg=[XSS]
http://[target]/[path]/pivot/includes/blogroll.php?line1=[XSS]
http://[target]/[path]/pivot/includes/blogroll.php?line2=[XSS]
http://[target]/[path]/pivot/includes/blogroll.php?bg=[XSS]
http://[target]/[path]/pivot/includes/blogroll.php?c1=[XSS]
http://[target]/[path]/pivot/includes/blogroll.php?c2=[XSS]
http://[target]/[path]/pivot/includes/blogroll.php?c3=[XSS]
http://[target]/[path]/pivot/includes/blogroll.php?c4=[XSS]

References:

Vendor URL: http://www.pivotlog.net/
Secunia Advisory ID: 20962
Related OSVDB ID: 27128
Related OSVDB ID: 27126
Related OSVDB ID: 27129
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0088.html
ISS X-Force ID: 27672
FrSIRT Advisory: ADV-2006-2744
CVE ID: CVE-2006-3533
Bugtraq ID: 18881