PHP-Nuke Journal Module add.php filelist Variable XSS

2004-06-23T00:00:00
ID OSVDB:7230
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-06-23T00:00:00

Description

Vulnerability Description

PHP-Nuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "filelist" variable upon submission to the "add.php" script in the Journal module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

PHP-Nuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "filelist" variable upon submission to the "add.php" script in the Journal module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/nuke73/modules.php?name=Journal&file=add&filelist[]=[XSS CODE]

References:

Vendor URL: http://phpnuke.org Secunia Advisory ID:11920 Related OSVDB ID: 7224 Related OSVDB ID: 7226 Related OSVDB ID: 7229 Related OSVDB ID: 7234 Related OSVDB ID: 7223 Related OSVDB ID: 7227 Related OSVDB ID: 7232 Related OSVDB ID: 7233 Related OSVDB ID: 7235 Related OSVDB ID: 7236 Related OSVDB ID: 7225 Related OSVDB ID: 7228 Related OSVDB ID: 7231 Other Advisory URL: http://www.waraxe.us/?modname=sa&id=033 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0739.html