PopnupBlog index.php multiple variables XSS
Page 1 of 1
PopnupBlog index.php multiple variables XSS
##########################################
PopnupBlog index.php multiple variables XSS
Vendor url:http://www.bluemooninc.biz/
Vendor notify:no exploits availables:yes
##########################################
PopnupBlog contains a flaw that allows a remote
cross site scripting attack.This flaw exists because
the application does not validate 'param' , 'cat_id' and
'view' variables upon submission to 'index.php' script.
This could allow a user to create a specially crafted URL
that would execute arbitrary code in a user's browser within
the trust relationship between the browser and the server,
leading loss ofintegrity.
##########
versions
##########
PopnupBlog 3.20 code name: Denali
Prior versions can be vulnerables too.
it affects This type CMS Systems if we
have instaled this module:
Xoops
e-xoops
ImpressCMS
Bcoos
and other that uses xoops code and this module.
############
Solution
############
No solution at this time !!!
But you can edit the source code and ix it like:
for fix 'param' open index.php and arround line 37 we have
add a line to force 'param' to return a integer:
for fix 'cat_id' and 'view' open index.php and arround line 129 :
add intval to force variables to return an integer like:
###########
Examples
###########
http://localhost/modules/popnupblog/index.php?param=1
">[XSS-CODE]&start=0,10&cat_id=&view=1
http://localhost/modules/popnupblog/index.php?param=
&start=0,10&cat_id=">[XSS-CODE]&view=1
http://localhost/modules/popnupblog/index.php?param=
&start=0,10&cat_id=&view=1">[XSS-CODE]
############## €nd ###################
PopnupBlog index.php multiple variables XSS
Vendor url:http://www.bluemooninc.biz/
Vendor notify:no exploits availables:yes
##########################################
PopnupBlog contains a flaw that allows a remote
cross site scripting attack.This flaw exists because
the application does not validate 'param' , 'cat_id' and
'view' variables upon submission to 'index.php' script.
This could allow a user to create a specially crafted URL
that would execute arbitrary code in a user's browser within
the trust relationship between the browser and the server,
leading loss ofintegrity.
##########
versions
##########
PopnupBlog 3.20 code name: Denali
Prior versions can be vulnerables too.
it affects This type CMS Systems if we
have instaled this module:
Xoops
e-xoops
ImpressCMS
Bcoos
and other that uses xoops code and this module.
############
Solution
############
No solution at this time !!!
But you can edit the source code and ix it like:
for fix 'param' open index.php and arround line 37 we have
- Code:
$params = PopnupBlogUtils::getDateFromHttpParams();
$start = PopnupBlogUtils::getStartFromHttpParams();
$view = $BlogCNF['default_view'];
$select_uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
add a line to force 'param' to return a integer:
- Code:
$_GET['param'] = intval($_GET['param']);
$params = PopnupBlogUtils::getDateFromHttpParams();
$start = PopnupBlogUtils::getStartFromHttpParams();
$view = $BlogCNF['default_view'];
$select_uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
for fix 'cat_id' and 'view' open index.php and arround line 129 :
- Code:
$xoopsTpl->assign('popimg',PopnupBlogUtils::mail_popimg()); // get email
$cat_id=0;
if (isset($_GET['cat_id'])) $cat_id = $_GET['cat_id'];
if (isset($_POST['cat_id'])) $cat_id = $_POST['cat_id'];
$xoopsTpl->assign('popnupblog', PopnupBlogUtils::get_blog_list($start,$cat_id,$select_uid));
if (isset($_GET['view'])) $view = $_GET['view'];
if (isset($_POST['view'])) $view = $_POST['view'];
add intval to force variables to return an integer like:
- Code:
$xoopsTpl->assign('popimg',PopnupBlogUtils::mail_popimg()); // get email
$cat_id=0;
if (isset($_GET['cat_id'])) $cat_id = intval($_GET['cat_id']);
if (isset($_POST['cat_id'])) $cat_id = intval($_POST['cat_id']);
$xoopsTpl->assign('popnupblog', PopnupBlogUtils::get_blog_list($start,$cat_id,$select_uid));
if (isset($_GET['view'])) $view = intval($_GET['view']);
if (isset($_POST['view'])) $view = intval($_POST['view']);
###########
Examples
###########
http://localhost/modules/popnupblog/index.php?param=1
">[XSS-CODE]&start=0,10&cat_id=&view=1
http://localhost/modules/popnupblog/index.php?param=
&start=0,10&cat_id=">[XSS-CODE]&view=1
http://localhost/modules/popnupblog/index.php?param=
&start=0,10&cat_id=&view=1">[XSS-CODE]
############## €nd ###################
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» Webmatic 3.0.3 Multiple cross.site scripting
» Wowd search client multiple variable xss
» Multiple Redirects
» DHCart Multiple variable XSS and stored XSS
» Multiple vulnerabilities in MC Content Manager
» Wowd search client multiple variable xss
» Multiple Redirects
» DHCart Multiple variable XSS and stored XSS
» Multiple vulnerabilities in MC Content Manager
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|