by r0t,der4444,cembo,VietMafia

Saturday, December 03, 2005

Sitebeater News System XSS vuln.

Vuln. discovered by: r0t
Date: 3 dec. 2005
Vendor: http://www.sitebeater.com/News/
Affected version: 4.00 and prior

Product Description:
News Features: mailing lists, polls, themes, attachments, search, categories, related article links, send to friends, discuss article, independent editors, more! Uses ASP & MSSQL. Also includes all of this: Portal creation system and user management, polls, mailing lists, themes, macros, account groups, user profiling, custom rights, API, more! Available plug-ins include: Message Board, Image Gallery, MP3 Catalog and News Systems. Uses ASP & MSSQL. User Management System, polls, mailing lists. Features: cross-domain user management, sharing of user data across domains, custom user rights, group management, unlimited profiling, API, more! Uses ASP & MSSQL Complete image display system for your website. Requires ASP & MSSQL. Includes dynamic creation of thumbnails, image upload, locked galleries, .zip or ftp bulk import, unlimited categories, more. With unlimited expandability, flexibility and power, the SiteBeater Message Board is your complete user friendly solution. Message Board features: mailing lists, polls, powerful administration, file attachments, color themes, multi-lingual, multiple views, search, user preferences, send-to-friends, print preview, alert administrator, profanity filter, sorting, rating, more! Uses ASP & MSSQL. MP3 upload, lightning fast ID3 tag reading or enter your own song data, CD purchase info, search, private, public or random playlists, multi-domain, load-balancing, multi-lingual, mailing lists, themes, user management, over 50 rights, and much more! Uses ASP & MSSQL.


Vuln. Description:
Input passed to the "Keywords" parameter of the search module (sKeywords in the example request) isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.


Example:

/ArticleDisplay/Archive.asp?DOMAIN_Link=&sSort=SubmitDate&iSearchID=389&sKeywords=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E

Solution:
Edit the source code to ensure that input is properly sanitised.
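
One way to apply this fix in Classic ASP, as an added example that is not part of the original advisory and not SiteBeater's own code. The page layout, the helper names GetKeywords and H, and the MAX_KEYWORD_LEN limit are assumptions; Request.QueryString and Server.HTMLEncode are the standard ASP built-ins.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Hypothetical stand-in for the part of Archive.asp that echoes the search
' term back to the user. The product's real source is not in the advisory.

Const MAX_KEYWORD_LEN = 100   ' assumed limit, tune to the application

' Read sKeywords once and bound its length. The raw value is kept only for
' the search itself, which should bind it as a query parameter (not shown).
Function GetKeywords()
    Dim raw
    raw = Trim(Request.QueryString("sKeywords") & "")
    If Len(raw) > MAX_KEYWORD_LEN Then raw = Left(raw, MAX_KEYWORD_LEN)
    GetKeywords = raw
End Function

' Encode at the point of output. Server.HTMLEncode rewrites < > & and "
' as entities, so the value is inert in element content and inside a
' double-quoted attribute. It does not encode the single quote, so the
' result must never go into a single-quoted or unquoted attribute.
Function H(ByVal s)
    H = Server.HTMLEncode(s & "")
End Function

' Vulnerable pattern described in the advisory, left commented out:
'   Response.Write "Results for: " & Request.QueryString("sKeywords")

Dim sKeywords
sKeywords = GetKeywords()
%>
<html>
<body>
  <!-- Element content: encoded on output -->
  <p>Results for: <%= H(sKeywords) %></p>

  <!-- Attribute value: encoded and always double-quoted -->
  <form method="get" action="Archive.asp">
    <input type="text" name="sKeywords" value="<%= H(sKeywords) %>">
    <input type="submit" value="Search">
  </form>
</body>
</html>
```

The same encoding has to be applied at every place the page writes sKeywords, including page titles and pagination links that carry the search term.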

Copyright (c) 2006 Pridels Sec Crew