DGNews footer.php copyright Variable XSS

2007-05-28T00:00:00
ID OSVDB:34228
Type osvdb
Reporter Jesper Jurcenoks(jesper.jurcenoks@netvigilance.com)
Modified 2007-05-28T00:00:00

Description

Vulnerability Description

DGNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'copyright' variable upon submission to the footer.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

DGNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'copyright' variable upon submission to the footer.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/[PRODUCT-DIRECTORY]/footer.php?copyright=<script>alert(document.cookie)</script>

References:

Vendor URL: http://www.diangemilang.com/dgscripts.php Secunia Advisory ID:25438 Related OSVDB ID: 34227 Related OSVDB ID: 34226 Other Advisory URL: http://www.netvigilance.com/advisory0023 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0509.html ISS X-Force ID: 34537 FrSIRT Advisory: ADV-2007-1981 CVE-2007-0694 Bugtraq ID: 24200