Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

cpaint202XSS.txt

🗓️ 13 Feb 2006 00:00:00Reported by gulftech.orgType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 44 Views

CPAINT <= 2.0.2 Cross Site Scriptin

Code
`##########################################################  
# GulfTech Security Research February 9, 2006  
##########################################################  
# Vendor : CPAINT  
# URL : http://sourceforge.net/projects/cpaint  
# Version : CPAINT <= 2.0.2  
# Risk : Cross Site Scripting  
##########################################################  
  
  
Description:  
CPAINT (Cross-Platform Asynchronous INterface Toolkit) is a  
multi-language toolkit that helps web developers design and  
implement AJAX web applications with ease and flexibility.  
CPAINT does not sanitize all user supplied data properly  
which leads to cross site scripting. This makes not only  
CPAINT vulnerable, but the applications that use CPAINT as  
a third party library are vulnerable as well.  
  
  
  
Cross Site Scripting:  
There is a cross site scripting issue in CPAINT versions  
prior to 2.0.3 that allows for a malicious user to conduct  
cross site scripting attacks against the application using  
the CPAINT libraries.  
  
http://cpaint/script.php?cpaint_response_type=%3Ciframe%20  
src=http://www.gulftech.org/%3E  
  
The above is an example of the Cross Site Scripting issue.  
Note that script.php is just symbolic as the name of the  
script would obviously be the script making use of the CPAINT  
library. The vulnerability occurs in this case within the  
file cpaint2.inc.php @ lines 169-172  
  
// determine response type  
if (isset($_REQUEST['cpaint_response_type'])) {  
$this->response_type = strtoupper((string)   
$_REQUEST['cpaint_response_type']);  
} // end: if  
  
The above code causes the response_type variable to become  
whatever the attacker wants it to be, and is later used in  
a switch statement where it is echoed back to the end user.  
This vulnerability can lead to disclosure of client side  
data and possibly aid in social attacks.  
  
  
  
Solution:  
Thanks to Paul Sullivan for a very quick resolution to this  
issue ( about 24hrs, very good :) ) A new version of CPAINT  
is now available and users should upgrade to CPAINT 2.0.3  
  
http://cpaint.booleansystems.com/forums/viewtopic.php?t=98  
  
The above url contains additional download information such  
as where to find the latest available version.  
  
  
  
Related Info:  
The original advisory can be found at the following location  
http://www.gulftech.org/?node=research&article_id=00097-02092006  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Feb 2006 00:00Current
7.4High risk
Vulners AI Score7.4
cpaintcross site scriptingsecurity vulnerabilityajaxvulnerable libraryversion 2.0.2gulftech securitybooleansystems
44