CensorNet dansguardian.pl DENIEDURL Variable XSS

2003-10-23T07:43:06
ID OSVDB:2748
Type osvdb
Reporter Richard Maudsley(maudr001@rbwm.org)
Modified 2003-10-23T07:43:06

Description

Vulnerability Description

CensorNet contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "DENIEDURL" variable upon submission to the "dansguardian.pl" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

CensorNet contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "DENIEDURL" variable upon submission to the "dansguardian.pl" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert(document.domain)</script>

References:

Vendor URL: http://www.intrago.co.uk/products/censornet.php Vendor URL: http://www.censornet.com Security Tracker: 1007988 Secunia Advisory ID:10065 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-10/0226.html ISS X-Force ID: 13507 Bugtraq ID: 8876