|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA12438] phpWebSite Cross-Site Scripting and Script Insertion Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Sep 03 2004 - 10:19:49 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
phpWebSite Cross-Site Scripting and Script Insertion Vulnerabilities
SECUNIA ADVISORY ID:
SA12438
VERIFY ADVISORY:
http://secunia.com/advisories/12438/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Manipulation of data
WHERE:
From remote
SOFTWARE:
phpWebSite 0.x
http://secunia.com/product/297/
DESCRIPTION:
James Bercegay has reported some vulnerabilities in phpWebSite,
allowing malicious people to conduct cross-site scripting and script
insertion attacks.
1) Input passed to the "pid" parameter in "index.php" is not
sanitised before being returned to authenticated users. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of a vulnerable site by tricking a user
into visiting a malicious website or follow a specially crafted
link.
Example:
http://[host]/index.php?module=comments&CM_op=replyToComment&CM_pid=1[code]
2) The calendar module does not sanitise input passed in the
"cal_template" field before being used in a SQL query. This can be
exploited to inject arbitrary SQL code when a malicious event is
approved by the administrator.
3) Input passed to the subject and message fields are not sanitised
before being included in a stored note. This can be exploited to
execute arbitrary script code in a user's browser session in context
of an affected site when the note module is accessed.
The vulnerabilities reportedly affect version 0.9.3-4 and prior.
SOLUTION:
Apply patch:
http://www.phpwebsite.appstate.edu/downloads/security/
PROVIDED AND/OR DISCOVERED BY:
James Bercegay, GulfTech Security Research Team.
ORIGINAL ADVISORY:
http://www.gulftech.org/?node=research&article_id=00048-08312004
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]