Professional Webmasters Community
Would you like to react to this message? Create an account in a few clicks or log in to continue.
Professional Webmasters Community

your are free to explore your reviews, thoughts, suggestion and guidelines on every online tech talk.


Webmatic 3.0.3 Multiple cross.site scripting

Professional Webmasters Community :: Webmaster Speak :: Tech Talk

Go down

Webmatic 3.0.3 Multiple cross.site scripting Empty Webmatic 3.0.3 Multiple cross.site scripting

Post  andry Thu Sep 23, 2010 4:25 am


#################################
Webmatic 3.0.3 Multiple cross.site scripting
Vendor URL:valarsoft.com
Vendor notified: YES
#################################

Webmatic contains a flaw that allows a remote cross site
scripting attack. This flaw exists because the application
does not validate multiple variables and form fields upon
submission to the 'index.php' script. This could allow a
user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of integrity.


##############
Versions
##############

valarsoft webmatic 3.0.3

It´s posible that prior versions
are afected


################
TimeLIne
##############

Discovered 13-01-2010
Vendor notify: 14-03-2010
vendor response:15-03-2010
Disclosure: 19-03-2010

###############
Private messages
################

Subject field form is vulnerable

a attacker can compose a PM with a malformed title
and it is executed wen the victims view his inbox
or open the PM.


#################
Forums
#################

Search field form ,filer variable
and title form field affected.

a attacker can compose a post with a malformed title
and wen a victim try to browse the forum the xss is
executed, also the attacker can compose a search url
with xss in filter variable or put the xss in search
form field to execute it.

##################
Chat room
###################

Nickname form field affected

a attacker can use a malformed nick name with xss and
wen he join in a channel the xss is executed in all
channel´s users.

######################
News
####################

Title form filed affected

a attacker can compose a new with a malformed title and
wen a user browse the news sections the xss is executed
also if the new has a "resume" in home page, all users
wen load the page are afected by xss.

pg variable affected

a attacker can compose a malformed URL in news sections and
insert some xss code in 'pg' variable , wen a victim clink in
this url the xss is executed.

#########################
banners section
#########################

Title and label form fields

A remote user can add a banner
with a malformed title or/and malformed label
wen the attacker visit his banner the xss is executed
in his own banner management.
Also if a victim visit this banner the xss is executed.

############################€ND#############################
andry
andry
Moderator
Moderator

Posts : 467
Join date : 2010-05-07

Back to top Go down

Back to top

- Similar topics

Professional Webmasters Community :: Webmaster Speak :: Tech Talk

 
Permissions in this forum:
You cannot reply to topics in this forum