| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Oct 2005 05:22:42 -0700 (PDT) From: alireza hassani <trueend5@...oo.com> To: bugtraq@...urityfocus.com Subject: XSS & Path Disclosure in Chipmunk's products Products: Chipmunk >> ( Forum , Topsites , Directory ) , [ Guestbook ] Versions: Tested: Last released of products Vendor: http://chipmunk-scripts.com Bug: ( XSS ) , [ Path Disclosure ] Exploitation: Remote --------------------------- Introduction: Chipmunk Forum is a small yet flexible and fully featured forum system. Chipmunk Topsites is a flexible topsite system utilizing PHP4/mysql. Chipmunk Directory is a powerful link indexing script. Chipmunk Guestbook is an easy to use yet powerful guestbook with a customizable layout --------------------------- vulnerability:XSS ( Forum , Topsites , Directory ) XSS Vulnerability in multiple PHP pages that may allow a remote user to launch cross-site scripting attacks. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. vulnerability:Path Disclosure [ Guestbook ] A remote user can supply a specially crafted URL to cause the system to display an error message that discloses the installation path and other data. ---------------------------- Demonstration XSS URL : http://example.com/board/newtopic.php?forumID='%3C/a>%3CIFRAME%20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E http://example.com/board/quote.php?forumID='%3C/a>%3CIFRAME%20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E & [ board/index.php , board/reply.php ] http://example.com/topsites/recommend.php?ID='%3C/a>%3CIFRAME%20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E http://example.com/directory/recommend.php?entryID='%3C/a>%3CIFRAME%20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E Demonstration Path Disclosure URL : http://example.com/guestbook/index.php?start=' ----------------------------- Solution: There is no vendor-supplied patch for this issue at this time. ------------------------------- Credits: Discovered & released by trueend5 Security Science Researchers Institute Of Iran [KAPDA.ir] Original Advisory: http://irannetjob.com/content/view/148/28/ __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com
Powered by blists - more mailing lists