PHP-Nuke FAQ Module categories Variable XSS

2004-06-11T10:09:03
ID OSVDB:6997
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-06-11T10:09:03

Description

Vulnerability Description

PHP-Nuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "categories" variable upon submission to the FAQ module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

PHP-Nuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "categories" variable upon submission to the FAQ module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/nuke73/modules.php?name=FAQ&myfaq=yes&id_cat=1&categories=[XSS CODE]

References:

Secunia Advisory ID:11852 Related OSVDB ID: 6999 Related OSVDB ID: 7001 Related OSVDB ID: 7000 Related OSVDB ID: 6998 Related OSVDB ID: 7002 Related OSVDB ID: 7003 Other Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=32 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0310.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0038.html ISS X-Force ID: 16406 CVE-2005-1023 Bugtraq ID: 10524