JAWS index.php action Variable XSS

2004-07-06T01:19:48
ID OSVDB:7723
Type osvdb
Reporter Fernando Quintero(nando@gigax.org)
Modified 2004-07-06T01:19:48

Description

Vulnerability Description

JAWS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "action" variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade index.php to the current version available from vendor site, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. This does not constitue an upgrade to the product, but rather a patch.

Short Description

JAWS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "action" variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/jaws/index.php?gadget=[valid gadget]&action=<script>alert('Colombia Rulx!!');</script>

References:

Vendor URL: http://www.jaws.com.mx/ Security Tracker: 1010651 Related OSVDB ID: 7724 Related OSVDB ID: 7720 Related OSVDB ID: 7721 Related OSVDB ID: 7722 Other Advisory URL: http://www.securiteam.com/unixfocus/5KP0H0ADFU.html Mail List Post: http://lists.netsys.com/pipermail/full-disclosure/2004-July/023512.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html ISS X-Force ID: 16621 CVE-2004-2444 Bugtraq ID: 10670