XOOPS Quizz Module Input Filtering Bug Allows Remote Users to Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID: 1005631
CVE Reference: CAN-2002-0217
Updated: Dec 15 2003
Original Entry Date: Nov 14 2002
Impact: Disclosure of authentication information, Execution of arbitrary code via network, Modification of user information, User access via network
Description: An input validation vulnerability was reported in the XOOPS Quizz module. A remote user can conduct cross-site scripting attacks against module users.

It is reported that, if the administrator has permitted users to develop questions, a remote user can insert HTML into a proposed question (in the answer options). Then, when the administrator previews the quiz question, arbitrary scripting code will be executed by the administrator's browser. The code will originate from the site running the vulnerable software and will run in the security context of that site. As a result, the code will be able to access the administrator's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the administrator via web form to the site, or take actions on the site acting as the administrator.

The following demonstration content is provided:

<IMG SRC="javascript:alert('blocus-zone')">

The vendor has reportedly been notified.
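The following is an added example, not code from XOOPS, phpNuke or the Quizz module, showing the pattern the description implies: a preview page that interpolates member-submitted answer options into HTML unchanged, beside the hardened form that encodes at the output boundary. The option array, the function names and the reviewer-side check are assumptions made for illustration, not the module's own structure.

```php
<?php
// Added example (not XOOPS or Quizz module code). Assumption: the module
// stores submitted answer options verbatim and echoes them into the
// administrator's preview page without encoding.

// Constructed sample: member-submitted answer options, one of them carrying
// the demonstration payload quoted in the advisory.
$submittedOptions = [
    'Paris',
    '<IMG SRC="javascript:alert(\'blocus-zone\')">',
    'A "quoted" option & an ampersand',
];

// Vulnerable pattern: the option text is interpolated into markup unchanged,
// so the IMG tag reaches the reviewing administrator's browser as live HTML.
function renderPreviewVulnerable(array $options): string
{
    $html = "<ol>\n";
    foreach ($options as $opt) {
        $html .= "  <li>$opt</li>\n";
    }
    return $html . "</ol>\n";
}

// Hardened pattern: encode at the output boundary. ENT_QUOTES escapes both
// quote styles, so the same encoder is also safe inside attribute values.
function renderPreviewSafe(array $options): string
{
    $html = "<ol>\n";
    foreach ($options as $opt) {
        $html .= '  <li>' . htmlspecialchars($opt, ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    return $html . "</ol>\n";
}

// Defence in depth for the moderation step: flag options that contain markup
// or script-bearing URL schemes so the reviewer sees the warning before the
// preview is rendered. Hypothetical helper, not a XOOPS API.
function findSuspiciousOptions(array $options): array
{
    $flagged = [];
    foreach ($options as $i => $opt) {
        if (preg_match('/<\s*[a-z]|javascript\s*:|vbscript\s*:|data\s*:/i', $opt)) {
            $flagged[] = $i;
        }
    }
    return $flagged;
}

echo "--- vulnerable preview ---\n" . renderPreviewVulnerable($submittedOptions);
echo "--- hardened preview ---\n" . renderPreviewSafe($submittedOptions);
echo 'flagged option indexes: ' . implode(', ', findSuspiciousOptions($submittedOptions)) . "\n";
```

Run with `php preview.php`; the hardened preview shows the IMG payload as literal text (`&lt;IMG SRC=&quot;javascript:...`) while the vulnerable one emits it as a tag. Two caveats: a `javascript:` URL in an IMG SRC only ran in browsers of that era, but the same unencoded sink carries `<script>` and event-handler payloads in any browser, so the fix is the encoder rather than a filter for one tag; and `htmlspecialchars` is the right encoder for HTML text and attribute contexts only, so an option written into a JavaScript string or a URL needs the encoder for that context.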
Impact: A remote user can access the administrator's cookies (including authentication cookies), if any, associated with the site running the XOOPS Quizz module, access data recently submitted by the administrator via web form to the site, or take actions on the site acting as the administrator.
Solution: No solution was available at the time of this entry.
Vendor URL: www.xoops.org/modules/news/
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: magistrat <magistrat@blocus-zone.com>
Message History:
None.
Source Message Contents
Date: 11 Nov 2002 03:15:08 -0000
From: magistrat <magistrat@blocus-zone.com>
Subject: xoops Quizz Module IMG bug
Author: Magistrat
http://www.blocus-zone.com
magistrat@blocus-zone com
Date: 11/11/2002
Object: IMG bug in quizz module
risk: Medium-high
advisory url: http://www.blocus-zone.com/modules/news/article.php?storyid=180
-----------------------------------------------------
After having highlighted, with echu.org, an IMG vulnerability in xoops and phpnuke, I found another risk on a different kind of portal, with the quizz module.
Description of quizz:
This is just the module that lets a webmaster propose quizzes, with good administration of the elaboration of answers/questions and of explanations in case of wrong answers. Quiz for xoops is an adaptation of the phpnuke one.
As with the news module of xoops or phpnuke, quizz does not escape the confidentiality problem that arises between a webmaster and his members, because the options of this module allow members to propose questions on-line.
------------------------------------------------------
The vulnerability :
If the moderator/administrator of this module allows the on-line development of questions, he takes a risk like this:
<IMG SRC="javascript:alert('blocus-zone')"> placed in a multiple-choice answer.
(Note that the code we have presented here is not dangerous; however, there are codes much more malicious, for stealing the admin cookie.)
To verify the questions elaborated by his members, the moderator or admin goes to view the proposal beforehand; even then, a pop-up creates a page in its final form to give the approver of questions/quizzes a preview, and this automatically triggers the bug in the browser, without the administrator or the moderator having been able to notice it beforehand.
------------------------------------------------------
Demonstration and translation on this page :
http://www.blocus-zone.com/modules/news/article.php?storyid=180
xoops as well as the creators of this module have been warned, but to my great disappointment, no answer and no patch has been given to me, and this for 1 week now.
Regards
Magistrat
(sorry for my poor english, i'm french)