auraCMS teman.php judul_artikel Variable XSS

2006-07-06T03:48:32
ID OSVDB:28200
Type osvdb
Reporter inversFX(inversfx@yahoo.com)
Modified 2006-07-06T03:48:32

Description

Vulnerability Description

auraCMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'judul_artikel' variable upon submission to the 'teman.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

auraCMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'judul_artikel' variable upon submission to the 'teman.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/teman.php?judul_artikel=<script>alert("vulnerable")</script>

References:

Vendor URL: http://www.auracms.tk/ Related OSVDB ID: 28202 Related OSVDB ID: 28201 Other Advisory URL: http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0090.html CVE-2006-3558 Bugtraq ID: 18867