MS Analysis for PHP-Nuke modules.php Multiple Variable XSS

2004-03-22T09:57:44
ID OSVDB:4544
Type osvdb
Reporter Janek Vind "waraxe" (come2waraxe@yahoo.com)
Modified 2004-03-22T09:57:44

Description

Vulnerability Description

MS Analysis contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the "screen", "sortby" or "overview" variables submitted to the modules.php script. A user could therefore create a specially crafted URL that executes arbitrary script code in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/nuke70/modules.php?name=MS_Analysis&file=index&op=MSAnalysisGeneral&screen=>[XSS code]&overview=1&sortby=

http://[victim]/nuke70/modules.php?name=MS_Analysis&file=index&op=MSAnalysisGeneral&screen=3&overview=1&sortby=>[XSS code]

http://[victim]/nuke70/modules.php?name=MS_Analysis&file=index&op=MSAnalysisGeneral&screen=13&overview=>[XSS code]&sortby=
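Because no patch is listed, reviewing web server logs for markup in these three parameters is one way to spot attempts. The following is an added example, not code from the advisory or the vendor: it assumes a combined-format access log, flags values containing <, >, " or ' after repeated URL decoding (a heuristic chosen here), and uses constructed log lines in which PAYLOAD stands in for the "[XSS code]" placeholder.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

WATCHED = ("screen", "sortby", "overview")  # parameters named in the advisory
MARKUP = re.compile(r"[<>\"']")  # characters needed to open a tag or leave an attribute
# Request target in a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, e.g. %253E -> %3E -> >."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return the watched MS_Analysis parameters whose values carry markup."""
    parts = urlsplit(target)
    if not parts.path.endswith("/modules.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    if "MS_Analysis" not in query.get("name", []):
        return []
    return [p for p in WATCHED
            if any(MARKUP.search(fully_decode(v)) for v in query.get(p, []))]

def scan(lines):
    """Return (line_number, flagged_parameters) for each line worth reviewing."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        flagged = suspicious_params(match.group(1)) if match else []
        if flagged:
            hits.append((number, flagged))
    return hits

# Constructed log lines; PAYLOAD stands in for the advisory's "[XSS code]".
BASE = "/nuke70/modules.php?name=MS_Analysis&file=index&op=MSAnalysisGeneral"
SAMPLE_LOG = [
    f'192.0.2.10 - - [22/Mar/2004:10:00:01 +0000] "GET {BASE}&screen=3&overview=1&sortby= HTTP/1.0" 200 5120',
    f'192.0.2.11 - - [22/Mar/2004:10:00:07 +0000] "GET {BASE}&screen=%3EPAYLOAD&overview=1&sortby= HTTP/1.0" 200 5140',
    f'192.0.2.11 - - [22/Mar/2004:10:00:09 +0000] "GET {BASE}&screen=3&overview=1&sortby=%253EPAYLOAD HTTP/1.0" 200 5140',
    f'192.0.2.11 - - [22/Mar/2004:10:00:12 +0000] "GET {BASE}&screen=13&overview=%3EPAYLOAD&sortby= HTTP/1.0" 200 5140',
    '192.0.2.12 - - [22/Mar/2004:10:01:30 +0000] "GET /nuke70/modules.php?name=News&file=article&sid=1 HTTP/1.0" 200 9000',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```
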

References:

Vendor URL: http://www.matyscripts.com/
Secunia Advisory ID: 11203
Related OSVDB ID: 4543
Related OSVDB ID: 4545
Related OSVDB ID: 16642
Related OSVDB ID: 16643
Related OSVDB ID: 4929
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0216.html
Keyword: waraxe-2004-SA#011
CVE-2004-1840