SCOOP! Multiple XSS vuln.
Vuln. discovered by: r0t
Date: 21 Dec. 2005
Original advisory: http://pridels.blogspot.com/2005/12/scoop-multiple-xss-vuln.html
Vendor: http://scoop.cim.com.au/
Affected version: 2.3 and prior
SCOOP! is the innovative Australian web content management system that will change the way we see and manage the content of our web sites. The SCOOP! web content management system allows web site managers and owners to publish and manage web site content without any HTML or web scripting knowledge. SCOOP! employs browser-based editing of web content and template management. Content managers, rather than programmers or IT departments, can publish text and images through an intuitive browser-based interface, from anywhere, anytime.
SCOOP! contains a flaw that allows a remote cross-site scripting attack. This flaw exists because input passed to the "keywords", "username", "area", "articleZoneID" and "r" parameters isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
An attacker can choose which parameters to present to the target, using "category.asp", "articleZone.asp", "account_login.asp", "lostPassword.asp" or "articleSearch.asp", because the parameters in those scripts aren't filtered; see examples below:
You can change to any parameters you want, wherever the script uses parameters :)
Solution: Edit the source code to ensure that input is properly sanitised.
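One way to apply that fix in a classic ASP page, as an added example that is not SCOOP!'s own code: numeric input is validated against a strict pattern and text input is HTML-encoded before it is written back. The helper names GetIntParam and GetTextParamHtml are hypothetical, and it is assumed that "articleZoneID" is numeric and that the parameters arrive in the query string.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Hypothetical helper: returns the parameter as a non-negative integer,
' or defaultValue when it is missing or contains anything but digits.
Function GetIntParam(name, defaultValue)
    Dim raw, re
    raw = Trim(Request.QueryString(name) & "")
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"   ' at most 9 digits, always fits in a Long
    If re.Test(raw) Then
        GetIntParam = CLng(raw)
    Else
        GetIntParam = defaultValue
    End If
End Function

' Hypothetical helper: returns a free-text parameter, length-capped and
' encoded for HTML output. Server.HTMLEncode escapes < > & and the double
' quote, but not the single quote, so attribute values that carry the
' result must always be wrapped in double quotes.
Function GetTextParamHtml(name, maxLen)
    Dim raw
    raw = Request.QueryString(name) & ""
    If Len(raw) > maxLen Then raw = Left(raw, maxLen)
    GetTextParamHtml = Server.HTMLEncode(raw)
End Function

Dim zoneId, keywordsHtml
zoneId = GetIntParam("articleZoneID", 0)          ' assumed numeric
keywordsHtml = GetTextParamHtml("keywords", 100)  ' 100 is an assumed limit
%>
<!-- Element content: the encoded value is rendered as text, not markup -->
<p>Search results for: <%= keywordsHtml %></p>

<!-- Attribute value: double-quoted, so the encoded value cannot break out -->
<input type="text" name="keywords" value="<%= keywordsHtml %>">

<!-- Validated integer: only digits can reach the link -->
<a href="articleZone.asp?articleZoneID=<%= zoneId %>">Back to zone</a>
```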