[UNIX] Cross-Site Scripting CuteNews (show_archives, show_news)
From: SecuriTeam (support_at_securiteam.com)
Date: 06/28/04
- Previous message: SecuriTeam: "[UNIX] vBulletin HTML Injection Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 28 Jun 2004 19:37:04 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Cross-Site Scripting CuteNews (show_archives, show_news)
------------------------------------------------------------------------
SUMMARY
<http://cutephp.com/cutenews/index.php> CuteNews is "a powerful and easy
for using news management system that use flat files to store its
database". A vulnerability in two of CuteNews's PHP scripts allows a
remote attacker to inject third party content into the web site's web
pages.
DETAILS
Vulnerable Systems:
* CuteNews version 1.3.1 and prior
Examples:
Vendor Status:
ADDITIONAL INFORMATION
The information has been provided by <mailto:darkbicho@fastmail.fm>
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
====================
DISCLAIMER:
The following two examples illustrate how you can inject malicious content
into a third party web site running CuteNews:
http://attacker/show_archives.php?subaction=showcomments&id=
http://attacker/show_news.php?subaction=showcomments&id=
The vendor has been contacted and is planning on releasing a new version
shortly.
DarkBicho.
The original article can be found at:
<http://www.swp-zone.org/archivos/advisory-06.txt>
http://www.swp-zone.org/archivos/advisory-06.txt
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
Relevant Pages
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Due to improper filtering of user provided data, a remote attacker can ... This allows an attacker to redirect the user to whatever site ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... String userAgent, ... scripting' entry, but unfortunately has not changed the version number. ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The vulnerability is caused due to an input validation error in the db2www ... The vendor recommends that the "DTW_DEFAULT_ERROR_MESSAGE" feature (or ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... and guidance of many established companies and industry experts, TRUSTe ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... parameter to My_eGallery so it actually includes malicious PHP code. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam)
