e107 "email article to a friend" Feature XSS

2004-05-29T14:42:39
ID OSVDB:6527
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-05-29T14:42:39

Description

Vulnerability Description

e107 contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate "logged name" variables upon submission to the "email article to a friend" feature. This could allow a user to create a specially crafted URL that would execute arbitrary code in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 0.616 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known worka

Manual Testing Notes

Example: foobar'><body onload=alert(document.cookie);>

References:

Secunia Advisory ID: 11740
Related OSVDB ID: 6525
Related OSVDB ID: 6526
Related OSVDB ID: 6528
Related OSVDB ID: 6529
Related OSVDB ID: 6530
Related OSVDB ID: 6531
Related OSVDB ID: 6533
Other Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=31
Other Advisory URL: http://archives.neohapsis.com/archives/fulldisclosure/2004-05/1442.html
Bugtraq ID: 10436