XSS & Path Disclosure in Chipmunk's products

Credit: trueend5
Risk: Low
Local: No
Remote: Yes

Products: Chipmunk >> ( Forum , Topsites , Directory ) , [ Guestbook ]
Versions: Tested: latest released versions of the products
Vendor: http://chipmunk-scripts.com
Bug: ( XSS ) , [ Path Disclosure ]
Exploitation: Remote
---------------------------
Introduction:

Chipmunk Forum is a small yet flexible and fully featured forum system.
Chipmunk Topsites is a flexible topsite system utilizing PHP4/mysql.
Chipmunk Directory is a powerful link indexing script.
Chipmunk Guestbook is an easy to use yet powerful guestbook with a customizable layout.
---------------------------
Vulnerability: XSS ( Forum , Topsites , Directory )

An XSS vulnerability in multiple PHP pages may allow a remote user to launch cross-site scripting attacks. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Vulnerability: Path Disclosure [ Guestbook ]

A remote user can supply a specially crafted URL to cause the system to display an error message that discloses the installation path and other data.
----------------------------
Demonstration XSS URL :

http://example.com/board/newtopic.php?forumID='%3C/a>%3CIFRAME%20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E
http://example.com/board/quote.php?forumID='%3C/a>%3CIFRAME%20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E
& [ board/index.php , board/reply.php ]
http://example.com/topsites/recommend.php?ID='%3C/a>%3CIFRAME%20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E
http://example.com/directory/recommend.php?entryID='%3C/a>%3CIFRAME%20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E

Demonstration Path Disclosure URL :

http://example.com/guestbook/index.php?start='
-----------------------------
Solution:

There is no vendor-supplied patch for this issue at this time.
-------------------------------
Credits:

Discovered & released by trueend5
Security Science Researchers Institute Of Iran [KAPDA.ir]
Original Advisory: http://irannetjob.com/content/view/148/28/
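
With no vendor patch available, a defensive pattern for parameters like these is to reject anything that is not a plain number and to HTML-encode every value written into the page. The following is an added example, not Chipmunk code and not part of the original advisory. It assumes that forumID, ID, entryID and start are meant to be non-negative integers and that the disclosed path comes from a PHP error message; int_param() and h() are hypothetical helper names (PHP 7.3 or later).

```php
<?php
// Added example, not Chipmunk code. Assumption: forumID, ID, entryID and
// start are meant to carry non-negative integers only.

// Keep PHP warnings (which include the script's full path) out of responses
// and send them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Hypothetical helper: return the parameter as an int, or null when it is
 * absent, an array, or not a plain decimal number.
 */
function int_param(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    $value = $query[$name];
    // ctype_digit rejects quotes, tags, signs, whitespace and empty strings;
    // the length limit keeps the cast inside the 32-bit int range.
    if (!ctype_digit($value) || strlen($value) > 9) {
        return null;
    }
    return (int) $value;
}

/** Hypothetical helper: encode a value for HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: a normal request, then the advisory's two
// demonstration values as PHP sees them after URL-decoding the query once.
$samples = [
    ['forumID' => '12'],
    ['forumID' => "'</a><IFRAME SRC=javascript:alert(%27xss%27)></IFRAME>"],
    ['start' => "'"],
];

foreach ($samples as $query) {
    $name = array_key_first($query);
    $id = int_param($query, $name);
    if ($id === null) {
        // Reject instead of echoing the raw value back into the page.
        echo '400 Bad Request: invalid ', h($name), "\n";
        continue;
    }
    // Even a validated value is encoded at the point of output.
    echo '<a href="newtopic.php?', h($name), '=', h((string) $id), '">New topic</a>', "\n";
}
```

In a real script the array passed to int_param() would be $_GET, and the validated integer is also what should be bound into any database query that uses the parameter.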

