lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20030401130828.24528.qmail@www.securityfocus.com>
Date: 1 Apr 2003 13:08:28 -0000
From: magistrat <magistrat@...cus-zone.com>
To: bugtraq@...urityfocus.com
Subject: Css in Xoops module glossary 1.3.x




Author: Magistrat
Date: 30/03/2003
Object: XOOPS glossary Module Input Filtering Bug Allows Remote Users to 
Conduct Cross-Site Scripting Attacks
Impact: Disclosure of authentication information, Execution of arbitrary 
code via network, Modification of user information, User access via network
Fix: yes

--------------------------------------------------

After the module quizz and private message of xoops, i have found an 
another risk in glossary whit some test on Web sites using xoops versions 
1.3.8 to 1.3.9 ( Glossary on V2.0 is not holed )

Description of glossary module :

This is just the module on xoops who permit to make dictionnary with 
search engine.

--------------------------------------------------
The vulnerability : 

A remote user can conduct cross-site scripting attacks against this module 
and send a message like this :

<url=http://www.blocus-zone.com/modules/glossaire/glossaire-aff.php?
lettre=<IMG%20SRC="http://www.blocus-
zone.com/modules/news/images/topics/smblocus.gif">]click here for 
register</url>

We obtain:

http://www.blocus-zone.com/modules/news/images/topics/bugblocus.jpg

( Note that the code that we have presented here is not dangerous, however 
there is some codes
much more malicious to steal the admin c o o k i e )

--------------------------------------------------
History: 

the team of xoops dévellopement as her community was prevented on 
11/24/2003. Patch are not available by xoops developer. Moreover, the 
author of the glossary module for 1.3.x versions, work now for an another 
content management system. 

Solution:

in glossaire-aff.php, add this script :
-----------------------------------------------

foreach ($_REQUEST as $key=>$value) {
$value=htmlspecialchars($value,ENT_QUOTES);
${$key} = $value;
$_GET[$key] = $value;
$HTTP_GET_VARS[$key] = $value;
}
-----------------------------------------------

thanks:
to frogman from phpsecure.org > 
http://www.phpsecure.org

(sorry for my poor english )

Regards
Magistrat

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ