by r0t,der4444,cembo,VietMafia

Monday, March 27, 2006

EZHomepagePro multiple XSS vuln.

EZHomepagePro multiple XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 27 march 2006
vendor:www.htmljunction.net/ezhomepagepro/index.asp
affected versions: v1.5 and prior
###############################################


Vuln. description:

EZHomepagePro contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "adid","aname" paremters in "/common/email.asp","/users/users_search.asp","/users/users_profiles.asp" and "m" paremter in "/users/users_search.asp" and "page" paremter in "/users/users_calendar.asp" and "usid" paremter in "/users/users_mgallery.asp" isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

examples:

/common/email.asp?page=user&m=y&select=r0t-&usid
=2&uname=guest&aname=&adid=[XSS]

/common/email.asp?page=user&m=y&select=r0t-&usid
=2&uname=&aname=[XSS]

/users/users_search.asp?page=user&uname=r0t&usid=
2&aname=&adid=&m=[XSS]

/users/users_search.asp?page=user&uname=r0t&usid=
2&aname=&adid=[XSS]

/users/users_search.asp?page=user&uname=r0t&usid=
2&aname=[XSS]

/users/users_calendar.asp?view=yes&action=write&una
me=r0t&usid=2&date=3/2/2006&sdate=3/2/2006&page=[XSS]

/users/users_profiles.asp?page=user&uname=r0t&usid=
2&aname=&adid=[XSS]

/users/users_profiles.asp?page=user&uname=r0t&usid=
2&aname=[XSS]

/users/users_mgallery.asp?gn=r0t&gp=guest&fl=Favor
ites&usid=[XSS]


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew