Password Protect users_add.asp ShowMsg Variable XSS

2004-08-30T18:26:26
ID OSVDB:9374
Type osvdb
Reporter Criolabs Staff(security@criolabs.net)
Modified 2004-08-30T18:26:26

Description

Vulnerability Description

Password Protect contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "ShowMsg" variable upon submission to the "users_add.asp" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Password Protect contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "ShowMsg" variable upon submission to the "users_add.asp" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/adminSection/users_add.asp?showmsg=<script>alert('xss')</script>

References:

Vendor URL: http://www.webanimations.com.au/ Vendor URL: http://www.webanimations.com.au/shop/Scripts/prodView.asp?idproduct=16 Security Tracker: 1011093 Secunia Advisory ID:12407 Related OSVDB ID: 9371 Related OSVDB ID: 9373 Related OSVDB ID: 9369 Related OSVDB ID: 9375 Related OSVDB ID: 9370 Related OSVDB ID: 9372 Related OSVDB ID: 9376 Related OSVDB ID: 9377 Other Advisory URL: http://www.criolabs.net/advisories/passprotect.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0017.html CVE-2004-1648