PostNuke index.php catid Variable XSS

2002-03-22T00:00:00
ID OSVDB:5503
Type osvdb
Reporter Scott (rootkidd@email.com)
Modified 2002-03-22T00:00:00

Description

Vulnerability Description

PostNuke contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the catid variable submitted to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Francisco Burzi has released a patch to address this vulnerability.

Manual Testing Notes

http://[victim]/index.php?catid=<script>alert(document.cookie)</script>
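
Requests that probe this parameter can be found in web server logs. The script below is an added example, not part of the OSVDB entry or of PostNuke's code; it assumes combined-format access logs and that legitimate catid values are plain integers, and its sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Mar/2002:10:00:01 +0000] "GET /index.php?catid=4 HTTP/1.0" 200 5120',
    '192.0.2.11 - - [22/Mar/2002:10:00:05 +0000] "GET /index.php?catid=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.0" 200 5200',
    '192.0.2.12 - - [22/Mar/2002:10:00:09 +0000] "GET /index.php?name=News&catid=%253Cscript%253E HTTP/1.0" 200 5100',
    '192.0.2.13 - - [22/Mar/2002:10:00:12 +0000] "GET /modules.php?catid=abc HTTP/1.0" 200 900',
    '192.0.2.14 - - [22/Mar/2002:10:00:15 +0000] "GET /index.php HTTP/1.0" 200 5120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r'[0-9]{1,10}')  # assumption: catid is a numeric category id

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup becomes visible."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_catid(line):
    """Return the decoded catid of an index.php request if it is not a plain integer, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith('/index.php'):
        return None  # this entry concerns index.php only
    for key, raw in parse_qsl(url.query, keep_blank_values=True):
        if key == 'catid':
            value = fully_decode(raw)  # parse_qsl has already decoded once
            if not NUMERIC_ID.fullmatch(value):
                return value
    return None

def scan(lines):
    """Return (line index, decoded catid) for every flagged line."""
    return [(i, v) for i, line in enumerate(lines)
            if (v := suspicious_catid(line)) is not None]

if __name__ == '__main__':
    for idx, value in scan(SAMPLE_LOG):
        print(f'line {idx}: catid={value!r}')
```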

References:

Vendor URL: http://www.postnuke.org
Related OSVDB ID: 5502
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-03/0299.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-03/0288.html
ISS X-Force ID: 8605
Bugtraq ID: 4350