Viscacha 0.8 Gold persistant XSS vulnerability

2010-01-06 / 2010-01-07
Credit: mr_me
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

################################################################# # # Viscacha 0.8 Gold persistant XSS vulnerability # Found By: mr_me # Download: http://www.viscacha.org/ # Tested On: Windows Vista # Note: For educational purposes only # ################################################################# POC Info: A regular user of the board can embed javascript code that could be executed within the context of the admin's browser. If the user edits their own profile by going to "http://[server]/viscacha/editprofile.php?action=profile" and places "<script>alert(document.cookie)</script>" into the instant messenger fields and then gives the following link to the admin: http://[server]/viscacha/profile.php?action=ims&type=msn&id=1 The user could potentially log the admins cookie and reset their own session thus gaining administration access.

References:

http://xforce.iss.net/xforce/xfdb/54614
http://www.exploit-db.com/exploits/10354
http://secunia.com/advisories/37608
http://packetstormsecurity.org/0912-exploits/viscacha-xss.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top