AttilaPHP user_action.php3 Multiple Variable XSS

2003-08-18T10:01:05
ID OSVDB:3679
Type osvdb
Reporter Gregory Le Bras (gregory.lebras@security-corporation.com)
Modified 2003-08-18T10:01:05

Description

Vulnerability Description

AttilaPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate or encode the "Titre", "Texte", and "Texte associé au lien" variables upon submission to the "user_action.php3" script. An attacker who submits script in those fields (or induces a victim to follow a specially crafted URL that does so) can have that script executed in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/www/user_action.php3?op=enter_text&rubrique=[rubrique_id]

Hostile script can be inserted in the "Titre", "Texte", and "Texte associé au lien" fields of the text-entry form reached from that URL; the submitted values are later rendered without HTML encoding.
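
The following is an added offline check, not code from the OSVDB record or from AttilaPHP, for confirming whether a page reflects the three fields raw or HTML-encoded. It assumes the three field labels named above as keys for the probe values; the two render_* functions are constructed stand-ins for a vulnerable and a hardened page, not the project's own templates, so the check can be exercised without a live target.

```python
"""Offline check: do submitted field values come back raw or HTML-encoded?"""
import html

# Assumed: field labels from the advisory, used as keys for the probe values.
FIELD_LABELS = ("Titre", "Texte", "Texte associé au lien")


def probe_values(seed: str = "osvdb3679") -> dict[str, str]:
    """One distinct marker per field, each carrying the characters an
    HTML-encoding fix must neutralise (< > " '), so the response tells us
    which field leaked rather than just that something did."""
    suffixes = {"Titre": "t", "Texte": "x", "Texte associé au lien": "l"}
    return {label: f'{seed}_{suffixes[label]}<"\'>' for label in FIELD_LABELS}


def classify_reflection(body: str, marker: str) -> str:
    """'raw' if the marker appears verbatim (unencoded) in the page body,
    'escaped' if only its HTML-encoded form appears, 'absent' otherwise."""
    if marker in body:
        return "raw"
    if html.escape(marker, quote=True) in body:
        return "escaped"
    return "absent"


def check_fields(body: str, values: dict[str, str]) -> dict[str, str]:
    """Classify every submitted field against one response body."""
    return {label: classify_reflection(body, value) for label, value in values.items()}


# Constructed stand-ins (not AttilaPHP code): a page that interpolates the
# submitted values directly, and the same page with output encoding applied.
def render_vulnerable(values: dict[str, str]) -> str:
    return (f'<h1>{values["Titre"]}</h1>'
            f'<p>{values["Texte"]}</p>'
            f'<a href="#">{values["Texte associé au lien"]}</a>')


def render_hardened(values: dict[str, str]) -> str:
    esc = lambda s: html.escape(s, quote=True)
    return (f'<h1>{esc(values["Titre"])}</h1>'
            f'<p>{esc(values["Texte"])}</p>'
            f'<a href="#">{esc(values["Texte associé au lien"])}</a>')


if __name__ == "__main__":
    probe = probe_values()
    for name, page in (("vulnerable", render_vulnerable(probe)),
                       ("hardened", render_hardened(probe))):
        print(name, check_fields(page, probe))
```

Against a live instance you would submit probe_values() through the form reached from the URL above and pass the HTML of the page that displays the entry to check_fields; any field classified as "raw" is exploitable, while "escaped" for all three is the behaviour a fix should produce.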

References:

Vendor URL: http://www.attila-php.net/
Secunia Advisory ID: 9554
Other Advisory URL: http://www.securiteam.com/unixfocus/5ZP0I2AAUW.html
Keyword: Security Corporation Security Advisory [SCSA-020]
ISS X-Force ID: 12943