by r0t,der4444,cembo,VietMafia

Thursday, December 15, 2005

AtlantForum XSS vuln.

Vuln. discovered by: r0t
Date: 15 Dec. 2005
Vendor: www.atlantpro.com/atlfm.html
Affected version: 4.02 and prior; AtlantForum Lite and AtlantForum Pro can also have the same vuln.


Product Description:

Message board featuring: Free or fee based membership subscribing, users can post/edit/delete/reply messages with photos and multimedia files; Search messages with keywords, photos, topics, posted by a user; Mail Lists; Script can work with text based or MySQL databases.

Vuln. Description:

AtlantForum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because input passed to the "sch_allsubct", "before" and "ct" parameters isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.


examples:

/atl.cgi?ct=&md=search&brf=&before=&sch_allsubct=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E

/atl.cgi?ct=&md=search&brf=&before=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E

/atl.cgi?ct=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E


Solution:
Edit the source code to ensure that input is properly sanitised.
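
The sketch below is an added example, not AtlantForum code and not part of the original advisory: it shows output encoding for the three parameters named above plus a simple request-log check for markup characters in them. It assumes the value is reflected into a double-quoted HTML attribute; the hidden-field template and all function names are hypothetical, and Python is used only for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory as reflected without sanitisation.
REFLECTED_PARAMS = ("sch_allsubct", "before", "ct")
# Characters that let a value close an attribute or open a tag (heuristic).
MARKUP_CHARS = set('"<>')


def decode_params(url):
    """Return the URL-decoded values of the advisory's parameters."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {p: query.get(p, [""])[0] for p in REFLECTED_PARAMS}


def suspicious_params(url):
    """Names of reflected parameters whose decoded value contains markup."""
    return [p for p, v in decode_params(url).items() if MARKUP_CHARS & set(v)]


def render_hidden_field(name, value):
    """HTML-encode name and value so the value cannot leave the attribute.

    The <input> template is an assumption; the advisory does not show
    where atl.cgi writes the parameter back into the page.
    """
    return '<input type="hidden" name="%s" value="%s">' % (
        html.escape(name, quote=True), html.escape(value, quote=True))


# Constructed request lines: the advisory's first example and a benign search.
SAMPLE_REQUESTS = [
    "/atl.cgi?ct=&md=search&brf=&before="
    "&sch_allsubct=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E",
    "/atl.cgi?ct=general&md=search&brf=&before=&sch_allsubct=1",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(suspicious_params(req), "<-", req)
        for name, value in decode_params(req).items():
            print("   ", render_hidden_field(name, value))
```

Encoding at the point of output is the fix; the log check only helps find requests that tried the pattern against an unpatched install.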

Copyright (c) 2006 Pridels Sec Crew