by r0t,der4444,cembo,VietMafia

Thursday, December 15, 2005

DCForum XSS vuln.

DCForum XSS vuln.

Vuln. discovered by : r0t
Date: 15 dec. 2005
vendor:www.dcscripts.com/dcforum.shtml
affected version: 6.25 and prior



Product Description:

DCForum a complete bulletin board system from DCScripts. Its main features include: Multiple Forums, Efficient implementation, fast performance, Clean and intuitive user interface, Easy customization, Supports both Fully threaded and linear style discussion, Three levels of forum types - public, protected, and private, Three-level navigation - Lobby, Main, and Topic, Topics stored as both text-delimited database file and html file, and much more.

Vuln.description:

DCForum contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "page" and search module paremters isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.


example:

/dcboard.php?az=show_topic&forum=46&topic_id=
2215&mesg_id=2215&page=[XSS]



Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew