Mambo Component AkoBook <= 3.42 - XSS/Script Injection Vulnerability

2007.09.08
Credit: Trew
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

######################################################################
#
# Mambo Component AkoBook <= 3.42 - XSS/Script Injection Vulnerability
#
# Date         : 04-September-2007
# Risk         : Low
# Vendor URL   : http://www.mamboportal.com
# Dork         : allinurl: index.php?option=com_akobook
#
# Found By     : Rubén Ventura Piña (Trew)
# Contact Info : http://trew.icenetx.net
#                trew.revolution@gmail.com
#                ICEnetX Team - http://icenetx.net
#
######################################################################
#
# Greetings oh earthlings:
# Ayzax, BRIO, Gaper, (All ICEnetX Team), n3, Tog, ta^3, Paisterist,
# kbyte, and to all people who like H.I.M, lol.
#
# "Maybe you can't break the system, but you can always hack it."
#
######################################################################
#
# ## Vulnerability ##
#
# AkoBook is a Guestbook component for Mambo. A vulnerability in AkoBook
# 3.42 and earlier versions can be exploited by malicious people to conduct
# cross-site scripting attacks.
#
# Input passed to the "gbmail" and "gbpage" parameters in the signing page
# (generally index.php?option=com_akobook&func=sign) is not properly sanitised.
# This can be exploited to inject script code into the page, and as a result
# conduct a persistent XSS attack.
#
# Some characters such as "<" and ">" are not allowed, but single quotes can
# still be used. The following code in one of the vulnerable inputs would
# result in an XSS:
#
# Injection: wawa' onload=javascript:alert(/XSS/) a='
#
# After the script is sent, it should appear in the guestbook source code
# like this, exploiting the XSS flaw:
#
# <a href='http://wawa' onload=javascript:alert(/XSS/) a=''>
# <img src='homepage.gif' alt='http://wawa' onload=javascript:alert(/XSS/) a=''></a>
#
# ## How to fix ##
#
# Sanitise quotes properly in all the form inputs.
#
# wawawa
# [EOF]
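
The fix the advisory asks for, as an added example that is not AkoBook's own code: the first function models the described behaviour (angle brackets stripped, quotes passed into a single-quoted attribute), and the others validate the field and encode it for an HTML attribute context. All function names are hypothetical, and the way gbmail is rendered as a mailto link is an assumption, since the advisory only shows the gbpage markup.

```php
<?php
// Added illustration, not AkoBook source. All function names are hypothetical.

// Models the flaw as the advisory describes it: "<" and ">" are removed,
// but quotes reach a single-quoted attribute unencoded.
function render_link_unsafe(string $gbpage): string {
    $v = str_replace(['<', '>'], '', $gbpage);
    return "<a href='http://$v'><img src='homepage.gif' alt='http://$v'></a>";
}

// Encode for an HTML attribute context. ENT_QUOTES covers both ' and ".
function attr(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened gbpage: accept only well-formed http(s) URLs, then encode.
function render_link_safe(string $gbpage): string {
    $url = preg_match('#^https?://#i', $gbpage) ? $gbpage : 'http://' . $gbpage;
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return '';  // reject instead of trying to repair hostile input
    }
    $e = attr($url);
    return "<a href='$e'><img src='homepage.gif' alt='$e'></a>";
}

// Hardened gbmail (assumed to be rendered as a mailto link). A valid
// address may itself contain a single quote, so encoding is still required.
function render_mail_safe(string $gbmail): string {
    if (filter_var($gbmail, FILTER_VALIDATE_EMAIL) === false) {
        return '';
    }
    $e = attr($gbmail);
    return "<a href='mailto:$e'>$e</a>";
}

$payload = "wawa' onload=javascript:alert(/XSS/) a='";  // string quoted in the advisory
echo render_link_unsafe($payload), "\n";  // reproduces the broken-out attribute
echo attr('http://' . $payload), "\n";    // same value with quotes as entities
var_dump(render_link_safe($payload));     // validation result for gbpage
var_dump(render_mail_safe($payload));     // validation result for gbmail
var_dump(render_link_safe('example.org/guest?a=1&b=2'));  // constructed benign input
```

Because the injection is stored, entries saved before the fix stay dangerous unless encoding is applied when the guestbook is rendered, not only when the form is submitted.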

