SecurityTracker.com
Category:   Application (Web Server/CGI)  >   PHP-Nuke
Vendors:   Phpnuke.org
PHP-Nuke Cross-site Scripting Flaw in Private Messages Lets Remote Users Steal PHP-Nuke User Cookies
SecurityTracker Alert ID:  1003781
SecurityTracker URL:  http://securitytracker.com/id/1003781
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 11 2002
Impact:   Disclosure of authentication information, Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): 5.5 and prior versions
Description:   A cross-site scripting vulnerability was reported in PHP-Nuke in the Private Messages function. A valid and authenticated remote user can potentially steal the cookies of another registered PHP-Nuke user and gain access to that user's account.

It is reported that the Private Messages function, which allows registered users on the site to send messages to other registered users on that site, fails to filter HTML in messages. A valid and authenticated remote user can send a private message containing HTML with embedded JavaScript, and the JavaScript will be executed by the recipient's browser when the message is viewed. The code runs in the security context of the PHP-Nuke site and can therefore access the target user's cookies associated with the PHP-Nuke site.

A demonstration exploit script is provided:

<script>alert(document.cookie)</script>

If the remote user obtains the target (victim) user's cookies, the remote user may be able to access the target user's account on the PHP-Nuke site.

Impact:   A valid and authenticated remote user can conduct cross-site scripting attacks against other PHP-Nuke users to potentially steal their cookies associated with the PHP-Nuke web site.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.phpnuke.org/
Cause:   Input validation error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   None.
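
The failure described above (message HTML echoed back unfiltered) and one way to close it, shown as an added example that is not PHP-Nuke code and not a vendor fix. All function names, the tag allowlist and the cookie name are assumptions made for illustration; the code assumes PHP 7.3 or later.

```php
<?php
// Added illustration, not PHP-Nuke code. All names here are hypothetical.
const ALLOWED_TAGS = ['b', 'i', 'u', 'em', 'strong', 'br'];

// Vulnerable pattern the advisory describes: stored message body echoed as-is.
function render_message_unsafe(string $body): string
{
    return '<div class="pm">' . $body . '</div>';
}

// Hardened pattern: encode everything, then restore only allowlisted tags.
function render_message_safe(string $body): string
{
    $escaped = htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $names = implode('|', ALLOWED_TAGS);
    // Matches only exact attribute-free forms such as "&lt;b&gt;" or "&lt;/b&gt;".
    $restored = preg_replace('~&lt;(/?)(' . $names . ')&gt;~i', '<$1$2>', $escaped);
    return '<div class="pm">' . nl2br($restored, false) . '</div>';
}

// Defence in depth for the cookie-disclosure impact: a cookie marked HttpOnly
// is not readable through document.cookie. Name and lifetime are assumptions.
function set_session_cookie(string $token): void
{
    setcookie('session', $token, [
        'expires'  => time() + 3600,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed sample inputs; the second is the sample message from the advisory.
$samples = [
    "Meeting at <b>noon</b>",
    "You have been screwed!\n\n<script>alert(document.cookie)</script>",
    '<b class="x">tags carrying attributes stay encoded</b>',
];
foreach ($samples as $s) {
    echo render_message_safe($s), PHP_EOL;
}
```

Encoding first and restoring afterwards means a tag that is not an exact allowlist match is displayed as text rather than parsed by the recipient's browser.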


 Source Message Contents

Date:  Sun, 10 Mar 2002 20:07:05 -0500
Subject:  Cross Site Scripting Vulnerability in PHP-Nuke



PHP-Nuke is a PHP based portal management system used at thousands of
sites. A Cross Site Scripting vulnerability has been discovered in the
PHP-Nuke version 5.5 and prior versions. There is a function called
Private Messages in PHP-Nuke by which the registered users of the site
can send messages to the other registered users of the site. A user can also
send an HTML formatted message and can even embed JavaScript in it.
Now, if the user sends a malicious JavaScript embedded message to
someone then the JavaScript would be executed on the receiver's browser.

-------------Sample Message----------------

You have been screwed!

<script>alert(document.cookie)</script>

-------------------------------------------

Thus it also allows an attacker to reveal the critical information such
as cookies related to that site and get hold on his account even on
admin. Get this and more at http://hackergurus.tk

Regards,
Ravish
ravishahuja1@yahoo.com
http://hackergurus.tk 


Copyright 2014, SecurityGlobal.net LLC