Utopia News Pro login.php password Variable XSS

2007-06-17T00:00:00
ID OSVDB:34165
Type osvdb
Reporter Jesper Jurcenoks(jesper.jurcenoks@netvigilance.com)
Modified 2007-06-17T00:00:00

Description

Vulnerability Description

Utopia News Pro contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the password variable upon submission to the login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 1.4.0 (released after June 22, 2007) or higher, as it has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.
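The flaw described above is a reflected XSS in an HTML attribute context. The following PHP is an added example, not code from Utopia News Pro or from the advisory: it shows the vulnerable pattern (a request parameter concatenated straight into the login form) beside a hardened rendering that output-encodes every reflected value, never echoes the password back, and only accepts credentials in a POST body. All function names and the sample input are this example's own.

```php
<?php
declare(strict_types=1);

// Added example, not Utopia News Pro code. It demonstrates the bug class the
// advisory describes (a request parameter reflected unescaped into login.php)
// next to a hardened version. Function names here are hypothetical.

// Vulnerable pattern: the raw request value is concatenated into an HTML
// attribute. A value that starts with  ">  closes the attribute and the <input>
// tag, and everything after it is parsed by the browser as markup.
function render_login_vulnerable(string $username, string $password): string
{
    return '<form method="post" action="login.php">'
        . '<input type="text" name="username" value="' . $username . '">'
        . '<input type="password" name="password" value="' . $password . '">'
        . '<input type="submit" value="Log in"></form>';
}

// Output encoding for the HTML attribute context. ENT_QUOTES encodes both
// double and single quotes; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function esc_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every reflected value is encoded before it is emitted,
// and the password is never reflected at all (the field is re-rendered empty).
function render_login_hardened(string $username): string
{
    return '<form method="post" action="login.php">'
        . '<input type="text" name="username" value="' . esc_attr($username) . '">'
        . '<input type="password" name="password" value="">'
        . '<input type="submit" value="Log in"></form>';
}

// Request handling for the hardened form. Credentials are only read from the
// POST body, so a crafted URL cannot seed the form and the password never ends
// up in the query string, access logs, browser history or Referer headers.
// Returns [HTTP status, HTML body].
function handle_login(string $method, array $post): array
{
    if ($method !== 'POST') {
        return [200, render_login_hardened('')];
    }
    $username = (string)($post['username'] ?? '');
    // A real credential check would go here; on failure the form is
    // re-rendered with the encoded username and an empty password field.
    return [401, render_login_hardened($username)];
}

// Constructed sample input shaped like the advisory's test case.
$sample = [
    'username' => 'admin"><script>alert(1)</script>',
    'password' => '"><script>alert(1)</script>',
];

if (PHP_SAPI === 'cli') {
    // Run with: php login_example.php
    echo "vulnerable: ", render_login_vulnerable($sample['username'], $sample['password']), PHP_EOL;
    echo "hardened:   ", render_login_hardened($sample['username']), PHP_EOL;
    [$status, $html] = handle_login('POST', $sample);
    $reflected = strpos($html, '<script>') !== false ? 'yes' : 'no';
    echo "POST login: HTTP $status, raw <script> in response: $reflected", PHP_EOL;
} else {
    [$status, $html] = handle_login($_SERVER['REQUEST_METHOD'], $_POST);
    http_response_code($status);
    header('Content-Type: text/html; charset=UTF-8');
    echo $html;
}
```

Run from the command line, the vulnerable rendering emits the injected `<script>` element verbatim, while the hardened rendering shows `&quot;&gt;&lt;script&gt;` inside the attribute and the browser treats it as plain text. Encoding at the point of output (in the correct context, here an attribute) is the fix; input "validation" of the password alone is not, because a password legitimately may contain quotes and angle brackets.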

Short Description

Utopia News Pro contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the password variable upon submission to the login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/[path]/login.php?username=admin&password=%22%3E%3Cscript%3Ealert(document.cookies)%3C/script%3E

References:

Secunia Advisory ID: 25702
Related OSVDB ID: 34165
Other Advisory URL: http://www.netvigilance.com/advisory0034
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0370.html
Mail List Post: http://www.securityfocus.com/archive/1/archive/1/471626/100/0/threaded
ISS X-Force ID: 34902
FrSIRT Advisory: ADV-2007-2236
CVE ID: CVE-2007-3129
Bugtraq ID: 24506