e107 signup.php Query String (PATH_INFO) Variable XSS

2006-09-13T22:27:15
ID OSVDB:30984
Type osvdb
Reporter zark0vac()
Modified 2006-09-13T22:27:15

Description

Vulnerability Description

e107 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'PATH_INFO' variable (i.e. the Query String) upon submission to the signup.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

e107 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'PATH_INFO' variable (i.e. the Query String) upon submission to the signup.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Vendor URL: http://e107.org/ Related OSVDB ID: 30981 Related OSVDB ID: 30982 Related OSVDB ID: 30983 Related OSVDB ID: 30980 Related OSVDB ID: 30986 Related OSVDB ID: 30979 Related OSVDB ID: 30985 Related OSVDB ID: 30987 Generic Exploit URL: http://www.securityfocus.com/data/vulnerabilities/exploits/19997.html CVE-2006-4794 Bugtraq ID: 19997