TUTOS app_new.php t Variable XSS

2004-04-13T10:55:50
ID OSVDB:5327
Type osvdb
Reporter François Sorin(francois.sorin@kereval.com)
Modified 2004-04-13T10:55:50

Description

Vulnerability Description

TUTOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate or encode the 't' parameter before reflecting it in the page generated by the "app_new.php" script. A remote attacker could craft a URL that, when opened by a victim, executes arbitrary script in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity (for example, theft of the session cookie, as the manual testing note below demonstrates).

Solution Description

Upgrade to version 1.1.20040412 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

TUTOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate or encode the 't' parameter before reflecting it in the page generated by the "app_new.php" script. A remote attacker could craft a URL that, when opened by a victim, executes arbitrary script in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/app_new.php?t=200408240<script>alert(document.cookie)</script>
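The following is an added example illustrating the reflected XSS pattern described above and the fix an upgrade would need to contain; it is not TUTOS code. The advisory does not say where app_new.php reflects 't', so the example assumes the value is written into a hidden form field, and it assumes (from the shape of the test URL) that a legitimate 't' is a purely numeric timestamp-like value. The function names are hypothetical.

```php
<?php
// Added example, not code from TUTOS. Assumptions: app_new.php reflects the
// 't' query parameter into a hidden input, and a valid 't' is all digits.

// Vulnerable pattern: the raw query parameter is concatenated into HTML.
// A value such as 200408240<script>alert(document.cookie)</script> closes
// nothing and needs no quotes; the script tag simply lands inside the page.
function render_t_vulnerable(array $get): string
{
    $t = (string)($get['t'] ?? '');
    return '<input type="hidden" name="t" value="' . $t . '">';
}

// Hardened pattern, layer 1: HTML-encode on output. This alone stops the
// attack, since '<', '>', '"', and '\'' can no longer form markup.
function render_t_hardened(array $get): string
{
    $t = (string)($get['t'] ?? '');
    $safe = htmlspecialchars($t, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="t" value="' . $safe . '">';
}

// Hardened pattern, layer 2: allow-list the input before using it at all.
// Assumption: a legitimate 't' is a short digit string (timestamp-like).
function is_valid_t(string $t): bool
{
    return (bool)preg_match('/^\d{1,12}$/', $t);
}

// Constructed input: the payload from the advisory's test URL.
$payload = ['t' => '200408240<script>alert(document.cookie)</script>'];

echo render_t_vulnerable($payload), "\n";
// <input type="hidden" name="t" value="200408240<script>alert(document.cookie)</script>">

echo render_t_hardened($payload), "\n";
// <input type="hidden" name="t" value="200408240&lt;script&gt;alert(document.cookie)&lt;/script&gt;">

var_dump(is_valid_t($payload['t']));   // bool(false): reject before rendering
var_dump(is_valid_t('200408240'));     // bool(true)
```

The two layers are independent: validation limits what reaches the template, while output encoding guarantees that whatever does reach it cannot change the HTML structure. A fix that only validates 't' leaves every other reflected parameter exposed, which is why the encoding step belongs at the point of output regardless of what validation was done upstream.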

References:

Vendor URL: http://www.tutos.org/
Security Tracker: 1009750
Security Tracker: 1011363
Secunia Advisory ID: 11354
Secunia Advisory ID: 18954
Related OSVDB ID: 5328
Related OSVDB ID: 5326
Related OSVDB ID: 5329
Other Advisory URL: http://www.debian.org/security/2006/dsa-980
Other Advisory URL: http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0007.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0239.html
Keyword: KSA-005
ISS X-Force ID: 15852
CVE-2004-2162
Bugtraq ID: 10129