[UNIX] XOOPS RC3 Script Injection Vulnerability
From: support@securiteam.com
Date: 09/24/02
From: support@securiteam.com To: list@securiteam.com Date: Tue, 24 Sep 2002 19:57:44 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
XOOPS RC3 Script Injection Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www.xoops.org/> XOOPS is a dynamic, object-oriented (OO) open source
portal script written in PHP. XOOPS is intended for developing small to
large dynamic community websites, intra-company portals, corporate portals,
weblogs and much more. A vulnerability in the product allows remote
attackers to inject malicious HTML or JavaScript into pages that the
product serves to its users.
DETAILS
Vulnerable systems:
* XOOPS RC3.0.4 and possibly previous versions
The problem appears when a user posts a news item whose body contains the
following text (the bracketed part stands for the attacker's script):
<IMG SRC="javascript:[javascript]">
Vendor status:
Das tried to inform someone at Xoops.org, but the website was not
available, so Das informed the French team instead. They were not aware of
the issue and passed it on to the Dev Team. The Dev Team had already
located the vulnerability, which is not specific to XOOPS itself but
affects a large portion of the scripts it ships with. In a future version,
a new filter will be added to the text sanitizer to remove this risk.
Workaround:
Disable the ability to post HTML-based messages.
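As an added illustration of the kind of text-sanitizer filter the Dev Team describes, here is example code that is not XOOPS's own (written in Python rather than the project's PHP): it allow-lists URL schemes in URL-bearing attributes so that the IMG SRC payload above, including entity- or whitespace-obfuscated variants, is neutralised while ordinary links and images survive. All names in it are hypothetical.

```python
import html
import re
from html.parser import HTMLParser

# Attributes that take a URL and can therefore carry a javascript: scheme.
URL_ATTRS = {"src", "href", "action", "background", "dynsrc", "lowsrc"}
# Allow-list of schemes; anything else (javascript:, vbscript:, data:) is rejected.
SAFE_SCHEMES = {"http", "https", "ftp", "mailto"}
_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.I)


def safe_url(value):
    """True if the URL is relative or uses an allow-listed scheme.
    Whitespace and control characters are stripped first, because browsers
    of that era ignored them inside the scheme ("java\tscript:")."""
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", value or "")
    match = _SCHEME_RE.match(cleaned)
    if not match:
        return True  # no scheme at all: a relative URL cannot run script
    return match.group(1).lower() in SAFE_SCHEMES


class UrlFilter(HTMLParser):
    """Rebuilds the markup, replacing unsafe URL attribute values with '#'.
    HTMLParser decodes entities in attribute values, so '&#106;avascript:'
    is already 'javascript:' by the time safe_url() sees it. Comments and
    doctype declarations are dropped, since nothing in a post needs them."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        parts = []
        for name, value in attrs:
            if name.lower() in URL_ATTRS and not safe_url(value):
                value = "#"
            parts.append(' %s="%s"' % (name, html.escape(value or "", quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(parts)))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # void elements need no closing tag

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        # Text was entity-decoded on input, so re-escape it on output.
        self.out.append(html.escape(data, quote=False))


def sanitize(post_html):
    """Filter a user-submitted HTML post (e.g. a news item body)."""
    parser = UrlFilter()
    parser.feed(post_html)
    parser.close()
    return "".join(parser.out)
```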
ADDITIONAL INFORMATION
This vulnerability's original paper can be found here:
<http://www.echu.org/modules/news/article.php?storyid=95>
The information has been provided by <mailto:das@hush.com> das.
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.