PSnews index.php Multiple Variable XSS

2004-09-05T00:00:00
ID OSVDB:9786
Type osvdb
Reporter Michal Blaszczak(wacky@nicponie.org)
Modified 2004-09-05T00:00:00

Description

Vulnerability Description

PSnews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'show_all' and 'add_kom' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

PSnews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'show_all' and 'add_kom' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/index.php?function=show_all&no=%253cscript>alert%2528document.cookie);%253c/script> http://[victim]/index.php?function=add_kom&no=">%20<font%20size="20"%20color=red>%20<b>%20WackY%20%20</font>

References:

Vendor URL: http://www.imps.pl/ Security Tracker: 1011191 Nessus Plugin ID:14685 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0066.html ISS X-Force ID: 17302 CVE-2004-1665 Bugtraq ID: 11124