by r0t,der4444,cembo,VietMafia

Friday, December 16, 2005

ScareCrow Message Board XSS vuln.

ScareCrow Message Board XSS vuln.

Vuln. discovered by : r0t
Date: 16 dec. 2005
vendor:http://scarecrow.sourceforge.net/
affected version:2.13 and prior

Product Description:

ScareCrow is a fully featured and free message board system. It is meant to be both powerful and easy to use, for the users and the administrator. Released under the GPL License, ScareCrow hopes to gather a great community of users and developers to make it the best message board in existance.

Vuln. Description:

ScareCrow Message Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "forum" "user" isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.



examples:

/forum.cgi?forum=[XSS]
/profile.cgi?action=view&user=[XSS]
/post.cgi?action=new&forum=[XSS]


Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew