PHP-Nuke Search Module index.php Multiple Variable XSS

2004-07-16T00:00:00
ID OSVDB:7949
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-07-16T00:00:00

Description

Vulnerability Description

PHP-Nuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input variables upon submission to the Search module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

PHP-Nuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input variables upon submission to the Search module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/nuke73/modules.php?name=Search

and enter into input field something like this: 1"><body onload="alert(document.cookie);

References:

Vendor URL: http://phpnuke.org Related OSVDB ID: 7950 Other Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=35 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0176.html Keyword: waraxe-2004-SA#035 CVE-2004-0732