Mozilla Bonsai cvsblame.cgi Multiple Variable XSS

2002-08-19T22:58:09
ID OSVDB:5460
Type osvdb
Reporter Stan Bubrouski (stan@ccs.neu.edu)
Modified 2002-08-19T22:58:09

Description

Vulnerability Description

Bonsai contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "root" or "file" variables upon submission to the "cvsblame.cgi" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

Bonsai is not distributed as a versioned package. To determine if you are vulnerable to this issue, check the date you checked out a copy of the package. If the check out was done before 2002-08-28, you are likely vulnerable.

Solution Description

Upgrade to the latest version by checking out a new copy via CVS, as it has been reported to fix this vulnerability. Debian Linux has released an independent patch to address this vulnerability.

Manual Testing Notes

http://[victim]/webtools/bonsai/cvsblame.cgi?file=/index.html&root=<script>alert(document.domain)</script>

http://[victim]/webtools/bonsai/cvsblame.cgi?file=<script>alert(document.domain)</script>
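
The flaw described above and one way to close it, as an added example that is not Bonsai's code: a hypothetical Perl handler that echoes "root" and "file" verbatim, beside a version that checks "root" against an allowlist and HTML-encodes everything it prints. The function names, the '/cvsroot' value and the page markup are assumptions; the probe string is the one from the testing notes above.

```perl
#!/usr/bin/perl
# Added illustration, not Bonsai source; every name here is hypothetical.
use strict;
use warnings;

# Assumed allowlist of repository roots the server is configured to serve.
my %KNOWN_ROOTS = map { $_ => 1 } ('/cvsroot');

# Encode the characters that are significant in HTML text and attribute values.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# "Before": request values are interpolated into the page verbatim.
sub render_unsafe {
    my ($root, $file) = @_;
    return "<h1>CVS Blame: $file</h1><p>Repository: $root</p>";
}

# "After": validate against what the server knows, then encode on output.
sub render_safe {
    my ($root, $file) = @_;
    return '<p>Unknown repository.</p>'
        unless defined $root && $KNOWN_ROOTS{$root};
    # Error paths echo input too, so they need the same encoding.
    return '<p>Invalid file name: ' . html_escape($file) . '</p>'
        unless defined $file && $file =~ m{\A[A-Za-z0-9_./+-]+\z}
            && $file !~ m{(?:\A|/)\.\.(?:/|\z)};
    return '<h1>CVS Blame: ' . html_escape($file) . '</h1>'
         . '<p>Repository: ' . html_escape($root) . '</p>';
}

# Probe value from the manual testing notes, used as regression input.
my $probe = '<script>alert(document.domain)</script>';
my @cases = (['/cvsroot', '/index.html'], [$probe, '/index.html'], ['/cvsroot', $probe]);
for my $case (@cases) {
    my ($root, $file) = @$case;
    for my $impl (['unsafe', \&render_unsafe], ['safe', \&render_safe]) {
        my $html = $impl->[1]->($root, $file);
        printf "%-7s %s\n", $impl->[0], $html =~ /<script/i ? 'REFLECTED' : 'encoded or rejected';
    }
}
```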

References:

Vendor URL: http://www.mozilla.org/bonsai.html
Vendor Specific Advisory URL
Security Tracker: 1005107
Secunia Advisory ID: 8381
Related OSVDB ID: 5459
Related OSVDB ID: 5462
Related OSVDB ID: 5461
Related OSVDB ID: 5463
Related OSVDB ID: 5634
Related OSVDB ID: 5458
Related OSVDB ID: 5457
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-08/0194.html
ISS X-Force ID: 9920
CVE-2003-0154
Bugtraq ID: 5516