Indexu tell_friend.php Multiple Variable XSS

2007-01-16T08:03:43
ID OSVDB:32842
Type osvdb
Reporter AL-garnei(m-0-t@hotmail com)
Modified 2007-01-16T08:03:43

Description

Vulnerability Description

Indexu contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'friend_name', 'friend_email', 'error_msg', 'my_name', 'my_email' and 'id' variables upon submission to the tell_friend.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Indexu contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'friend_name', 'friend_email', 'error_msg', 'my_name', 'my_email' and 'id' variables upon submission to the tell_friend.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
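The record above reports reflected XSS in six request parameters and lists no vendor fix. As an added example that is not Indexu's own code, the following hypothetical tell_friend.php shows the defensive pattern the description implies: every reflected value is HTML-encoded at output, 'id' is validated as an integer, the e-mail fields are validated before being re-populated, and 'error_msg' selects a fixed server-side message instead of being rendered as free text. The helper names (h, param), the error-code table and the page layout are all assumptions.

```php
<?php
// Added example, not Indexu's code: a hypothetical tell_friend.php that
// re-populates its form fields without reflecting raw request input.
declare(strict_types=1);

// Encode a value for insertion into HTML text or a double-quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Read a scalar string parameter; reject arrays (?name[]=x) and oversized input.
function param(string $name, int $maxLen = 200): string
{
    $raw = $_GET[$name] ?? '';
    if (!is_string($raw) || strlen($raw) > $maxLen) {
        return '';
    }
    return $raw;
}

// 'id' is only ever a listing number: validate as a positive integer, never echo raw.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Missing or invalid listing id.');
}

$fields = [
    'my_name'      => param('my_name'),
    'my_email'     => param('my_email'),
    'friend_name'  => param('friend_name'),
    'friend_email' => param('friend_email'),
];

// Only syntactically valid addresses are re-populated into the e-mail fields;
// anything else is dropped rather than reflected.
foreach (['my_email', 'friend_email'] as $f) {
    if ($fields[$f] !== '' && filter_var($fields[$f], FILTER_VALIDATE_EMAIL) === false) {
        $fields[$f] = '';
    }
}

// Error text comes from a fixed server-side table keyed by a short code
// (hypothetical codes), so a free-text 'error_msg' parameter is never rendered.
$errorMessages = [
    'email'    => 'Please enter valid e-mail addresses.',
    'required' => 'All fields are required.',
];
$errorCode = param('error_msg', 20);
$errorText = $errorMessages[$errorCode] ?? '';

// Declare the charset the encoder assumes, and add CSP as defence in depth.
header('Content-Type: text/html; charset=UTF-8');
header("Content-Security-Policy: default-src 'self'");
?>
<!DOCTYPE html>
<html>
<head><meta charset="UTF-8"><title>Tell a friend</title></head>
<body>
<?php if ($errorText !== ''): ?>
  <p class="error"><?= h($errorText) ?></p>
<?php endif; ?>
<form method="post" action="tell_friend.php?id=<?= (int) $id ?>">
  <input type="hidden" name="id" value="<?= (int) $id ?>">
  <?php foreach ($fields as $name => $value): ?>
    <label><?= h($name) ?>:
      <input type="text" name="<?= h($name) ?>" value="<?= h($value) ?>">
    </label><br>
  <?php endforeach; ?>
  <button type="submit">Send</button>
</form>
</body>
</html>
```

The encoding happens at the point of output, not on input, so the same stored values remain usable for the outgoing e-mail body (which needs its own, different encoding). A quick check is to request the page with each of the six parameters set to a string containing `<`, `"` and `'` and confirm the response body contains only the entity forms (`&lt;`, `&quot;`, `&#039;`).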

Manual Testing Notes

http://[target]/INDEXU_PATH/tell_friend.php?friend_name=[XSS]
http://[target]/INDEXU_PATH/tell_friend.php?friend_email=[XSS]
http://[target]/INDEXU_PATH/tell_friend.php?error_msg=[XSS]
http://[target]/INDEXU_PATH/tell_friend.php?my_name=[XSS]
http://[target]/INDEXU_PATH/tell_friend.php?my_email=[XSS]
http://[target]/INDEXU_PATH/tell_friend.php?id=[XSS]

References:

Vendor URL: http://nicecoder.com/
Secunia Advisory ID: 23764
Related OSVDB ID: 32839
Related OSVDB ID: 32841
Related OSVDB ID: 32844
Related OSVDB ID: 32851
Related OSVDB ID: 32843
Related OSVDB ID: 32847
Related OSVDB ID: 32838
Related OSVDB ID: 32840
Related OSVDB ID: 32849
Related OSVDB ID: 32850
Related OSVDB ID: 32845
Related OSVDB ID: 32846
Related OSVDB ID: 32848
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0404.html
ISS X-Force ID: 31538
FrSIRT Advisory: ADV-2007-0222
CVE ID: CVE-2007-0364
Bugtraq ID: 22084