Viscacha 0.8 Gold persistant XSS vulnerability

2010-01-06 / 2010-01-07

Credit: mr_me

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2009-4567

CWE: CWE-79

Ogólna skala CVSS: 3.5/10

Znaczenie: 2.9/10

Łatwość wykorzystania: 6.8/10

Wymagany dostęp: Zdalny

Złożoność ataku: Średnia

Autoryzacja: Jednorazowa

Wpływ na poufność: Brak

Wpływ na integralność: Częściowy

Wpływ na dostępność: Brak

#################################################################
#
# Viscacha 0.8 Gold persistant XSS vulnerability
# Found By: mr_me
# Download: http://www.viscacha.org/
# Tested On: Windows Vista
# Note: For educational purposes only
#
#################################################################
POC Info:
A regular user of the board can embed javascript code that could be executed within the context of the admin's browser.
If the user edits their own profile by going to "http://[server]/viscacha/editprofile.php?action=profile"
and places "<script>alert(document.cookie)</script>"
into the instant messenger fields and then gives the following link to the admin:
http://[server]/viscacha/profile.php?action=ims&type=msn&id=1
The user could potentially log the admins cookie and reset their own session thus gaining administration access.

Referencje:

http://xforce.iss.net/xforce/xfdb/54614

http://www.exploit-db.com/exploits/10354

http://secunia.com/advisories/37608

http://packetstormsecurity.org/0912-exploits/viscacha-xss.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Viscacha 0.8 Gold persistant XSS vulnerability

Referencje:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.