Cart32 c32web.exe GetLatestBuilds XSS

2004-06-29T03:28:44
ID OSVDB:7280
Type osvdb
Reporter Dr`Ponidi(drponidi@hackermail.com)
Modified 2004-06-29T03:28:44

Description

Vulnerability Description

Cart32 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "GetLatestBuilds?cart32" variable upon submission to the c32web.exe script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Cart32 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "GetLatestBuilds?cart32" variable upon submission to the c32web.exe script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/scripts/c32web.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script> http://[victim]/cgi-bin/c32web.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>

References:

Vendor URL: http://www.cart32.com/ Secunia Advisory ID:11951 Related OSVDB ID: 7279 Other Advisory URL: http://www.net-security.org/vuln.php?id=3548 Other Advisory URL: http://seclists.org/lists/bugtraq/2004/Jul/0031.html Other Advisory URL: http://www.securiteam.com/windowsntfocus/5EP0Q2AD5M.html Other Advisory URL: http://www.winnetmag.com/Article/ArticleID/43119/43119.html CVE-2004-0675