Indexu upgrade.php gateway Variable XSS

2007-01-16T08:03:43
ID OSVDB:32838
Type osvdb
Reporter AL-garnei(m-0-t@hotmail com)
Modified 2007-01-16T08:03:43

Description

Vulnerability Description

Indexu contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'gateway' variable upon submission to the upgrade.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Indexu contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'gateway' variable upon submission to the upgrade.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/INDEXU_PATH/upgrade.php?pflag=upgrade&true&gateway=[XSS]

References:

Vendor URL: http://nicecoder.com/ Secunia Advisory ID:23764 Related OSVDB ID: 32839 Related OSVDB ID: 32841 Related OSVDB ID: 32842 Related OSVDB ID: 32844 Related OSVDB ID: 32851 Related OSVDB ID: 32843 Related OSVDB ID: 32847 Related OSVDB ID: 32840 Related OSVDB ID: 32849 Related OSVDB ID: 32850 Related OSVDB ID: 32845 Related OSVDB ID: 32846 Related OSVDB ID: 32848 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0404.html ISS X-Force ID: 31538 FrSIRT Advisory: ADV-2007-0222 CVE-2007-0364 Bugtraq ID: 22084