Indexu register.php Multiple Variable XSS

2007-01-16T08:03:43
ID OSVDB:32846
Type osvdb
Reporter AL-garnei(m-0-t@hotmail com)
Modified 2007-01-16T08:03:43

Description

Vulnerability Description

Indexu contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'error_msg', 'username', 'password', 'password2' and 'email' variables upon submission to the register.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Indexu contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'error_msg', 'username', 'password', 'password2' and 'email' variables upon submission to the register.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/INDEXU_PATH/register.php?error_msg=[XSS] http://[target]/INDEXU_PATH/register.php?username=[XSS] http://[target]/INDEXU_PATH/register.php?password=[XSS] http://[target]/INDEXU_PATH/register.php?password2=[XSS] http://[target]/INDEXU_PATH/register.php?email=[XSS]

References:

Vendor URL: http://nicecoder.com/ Secunia Advisory ID:23764 Related OSVDB ID: 32839 Related OSVDB ID: 32841 Related OSVDB ID: 32842 Related OSVDB ID: 32844 Related OSVDB ID: 32851 Related OSVDB ID: 32843 Related OSVDB ID: 32847 Related OSVDB ID: 32838 Related OSVDB ID: 32840 Related OSVDB ID: 32849 Related OSVDB ID: 32850 Related OSVDB ID: 32845 Related OSVDB ID: 32848 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0404.html ISS X-Force ID: 31538 FrSIRT Advisory: ADV-2007-0222 CVE-2007-0364 Bugtraq ID: 22084