PHP-Nuke Cross-site Scripting Flaw in Private Messages Lets Remote Users Steal PHP-Nuke User Cookies
SecurityTracker Alert ID: 1003781
SecurityTracker URL: http://securitytracker.com/id/1003781
CVE Reference: GENERIC-MAP-NOMATCH
Date: Mar 11 2002
Impact: Disclosure of authentication information, Execution of arbitrary code via network
Exploit Included: Yes
Version(s): 5.5 and prior versions
Description:
A cross-site scripting vulnerability was reported in PHP-Nuke in the Private Messages function. A valid and authenticated remote user can potentially steal the cookies of another registered PHP-Nuke user and gain access to that user's account.
It is reported that the Private Messages function, which allows registered users on the site to send messages to the other registered users on that site, fails to filter HTML in messages. A valid and authenticated remote user can send a private message containing HTML with embedded JavaScript, which the recipient's browser executes when the message is viewed. The code runs in the security context of the PHP-Nuke site and can therefore access the target user's cookies associated with that site.
A demonstration exploit script is provided:
<script>alert(document.cookie)</script>
If the remote user obtains the target (victim) user's cookies, the remote user may be able to access the target user's account on the PHP-Nuke site.
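The missing output filtering described above, shown as an added example (not PHP-Nuke code and not part of the advisory): a renderer that writes the stored message body into the page unchanged, beside one that HTML-encodes it, plus session-cookie options that keep the cookie out of document.cookie. The function names and the pm-body class are hypothetical, and the code assumes PHP 7.3 or later.

```php
<?php
// Added example: hypothetical message renderers, not PHP-Nuke source.

// Constructed sample: the private-message body quoted in the advisory.
$body = "You have been screwed!\n<script>alert(document.cookie)</script>";

// Vulnerable pattern: the stored body is written into the page unchanged,
// so the <script> element runs in the site's origin when the message is viewed.
function render_message_unsafe(string $body): string
{
    return '<div class="pm-body">' . nl2br($body, false) . '</div>';
}

// Hardened pattern: encode at output time so markup becomes inert text.
// ENT_QUOTES also covers both quote styles if the value is ever reused
// inside an attribute; ENT_SUBSTITUTE replaces invalid byte sequences
// instead of returning an empty string.
function render_message_safe(string $body): string
{
    $encoded = htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="pm-body">' . nl2br($encoded, false) . '</div>';
}

// Defence in depth: an HttpOnly session cookie is not readable through
// document.cookie, so a missed encoding bug does not expose the session id.
function session_cookie_options(): array
{
    return [
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ];
}

if (PHP_SAPI === 'cli') {
    echo render_message_unsafe($body), "\n\n"; // raw <script> tag reaches the page
    echo render_message_safe($body), "\n";     // &lt;script&gt;... shown as text
    // In the application: session_set_cookie_params(session_cookie_options());
    // must be called before session_start().
}
```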
Impact:
A valid and authenticated remote user can conduct cross-site scripting attacks against other PHP-Nuke users to potentially steal their cookies associated with the PHP-Nuke web site.
Solution:
No solution was available at the time of this entry.
Vendor URL: www.phpnuke.org/
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any)
Message History: None.
Source Message Contents
Date: Sun, 10 Mar 2002 20:07:05 -0500
Subject: Cross Site Scripting Vulnerability in PHP-Nuke
PHP-Nuke is a PHP based portal management system used at thousands of
sites. A Cross Site Scripting vulnerability has been discovered in the
PHP-Nuke version 5.5 and prior versions. There is a function called
Private Messages in PHP-Nuke by which the registered users of the site
can send messages to the other registered users of the site. A user can also
send an HTML-formatted message and can even embed JavaScript in it.
Now, if the user sends a malicious JavaScript embedded message to
someone then the JavaScript would be executed on the receiver's browser.
-------------Sample Message----------------
You have been screwed!
<script>alert(document.cookie)</script>
-------------------------------------------
Thus it also allows an attacker to reveal the critical information such
as cookies related to that site and get hold on his account even on
admin. Get this and more at http://hackergurus.tk
Regards,
Ravish
ravishahuja1@yahoo.com
http://hackergurus.tk