PHP-Nuke Journal Module Search Field XSS

2004-03-15T00:00:00
ID OSVDB:4290
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-03-15T00:00:00

Description

Vulnerability Description

PHP-Nuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'search' variables upon submission to the 'Journal' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

PHP-Nuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'search' variables upon submission to the 'Journal' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/nuke71/modules.php?name=Journal&file=search&disp=showsearch

References:

Vendor URL: http://phpnuke.org/ Secunia Advisory ID:11135 Related OSVDB ID: 4286 Related OSVDB ID: 4287 Related OSVDB ID: 4288 Related OSVDB ID: 4289 Other Advisory URL: http://www.waraxe.us/?modname=sa&id=005 Keyword: waraxe-2004-SA#005