CuteNews show_news.php id Variable XSS

2004-06-28T09:26:05
ID OSVDB:7284
Type osvdb
Reporter DarkBicho(darkbicho@gmail.com)
Modified 2004-06-28T09:26:05

Description

Vulnerability Description

CuteNews contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because show_news.php does not validate or HTML-encode the "id" request parameter before echoing it back into the page (the comments view, subaction=showcomments, in the test below). A remote attacker can craft a URL that, when a victim follows it, executes arbitrary script in the victim's browser within the trust relationship between that browser and the CuteNews site, leading to a loss of integrity (the proof-of-concept below reads document.cookie, so session data is exposed as well).

Solution Description

Currently, there are no known upgrades, patches, or workarounds available from the vendor to correct this issue. Until one is released, the standard mitigation for a reflected XSS of this kind is to HTML-encode the "id" value (for example with PHP's htmlspecialchars()) wherever show_news.php echoes it back into the response.

Manual Testing Notes

http://[victim]/show_news.php?subaction=showcomments&id=<script>alert(document.cookie);</script>&archive=&start_from=&ucat=&

References:

Vendor URL: http://cutephp.com/
Secunia Advisory ID: 11964
Related OSVDB ID: 7285
Related OSVDB ID: 7286
Related OSVDB ID: 7283
Other Advisory URL: http://www.darkbicho.iberhosting.net/advisory-11.txt
Other Advisory URL: http://www.swp-zone.org/archivos/advisory-06.txt
Nessus Plugin ID: 12291
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0907.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0736.html
ISS X-Force ID: 16525
CVE ID: CVE-2004-0660
Bugtraq ID: 10750