Webmatic 3.0.3 cross site scripting

2010.03.23
Credit: Lostmon
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#################################
Webmatic 3.0.3 Multiple cross-site scripting
Vendor URL: http://www.valarsoft.com/
Advisory: http://lostmon.blogspot.com/2010/03/webmatic-303-multiple-crosssite.html
Vendor notified: YES
#################################

Webmatic contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate multiple variables and form fields upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

############## Versions ##############

valarsoft webmatic 3.0.3
It is possible that prior versions are affected.

############## Timeline ##############

Discovered: 13-01-2010
Vendor notify: 14-03-2010
Vendor response: 15-03-2010
Disclosure: 19-03-2010

############## Private messages ##############

The subject form field is vulnerable. An attacker can compose a PM with a malformed title, and it is executed when the victim views his inbox or opens the PM.

############## Forums ##############

The search form field, the filter variable and the title form field are affected. An attacker can compose a post with a malformed title, and when a victim tries to browse the forum the XSS is executed. The attacker can also compose a search URL with XSS in the filter variable, or put the XSS in the search form field, to execute it.

############## Chat room ##############

The nickname form field is affected. An attacker can use a malformed nickname with XSS, and when he joins a channel the XSS is executed for all users of the channel.

############## News ##############

The title form field is affected. An attacker can compose a news item with a malformed title, and when a user browses the news section the XSS is executed. If the news item has a "resume" on the home page, all users who load that page are affected by the XSS as well.

The pg variable is affected. An attacker can compose a malformed URL in the news section and insert XSS code in the 'pg' variable; when a victim clicks on this URL the XSS is executed.

############## Banners section ##############

The title and label form fields are affected. A remote user can add a banner with a malformed title and/or a malformed label. When the attacker visits his banner, the XSS is executed in his own banner management. If a victim visits this banner, the XSS is executed as well.

#################################

Thanks to estrella for being my light

--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move....
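
A mitigation sketch for the two kinds of injection point the advisory lists, stored form fields (titles, subjects, nicknames, labels) and reflected variables (filter, pg). This is an added example, not Webmatic source code and not part of the original advisory. The function names, the array layout and the assumption that 'pg' is a page number are hypothetical.

```php
<?php
// Added example: NOT Webmatic code. All function and field names are hypothetical.

// Encode a value for an HTML text node or a quoted attribute value.
function h(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: 'pg' is a page number, so only a positive integer is accepted.
// Anything else (markup, arrays, missing value) falls back to the default.
function page_number(array $query, int $default = 1): int
{
    $pg = filter_var($query['pg'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1, 'max_range' => 100000]]);
    return $pg === false ? $default : $pg;
}

// Stored fields (PM subject, post/news/banner title, chat nickname) are
// encoded at output time, in every view that prints them.
function render_news_item(array $row): string
{
    $title = is_string($row['title'] ?? null) ? $row['title'] : '';
    return '<h2 title="' . h($title) . '">' . h($title) . '</h2>';
}

// Reflected search term: URL-encode it when building links, then HTML-encode
// everything that is written into the page.
function render_search(array $query): string
{
    $filter = is_string($query['filter'] ?? null) ? $query['filter'] : '';
    $next   = 'index.php?' . http_build_query([
        'filter' => $filter,
        'pg'     => page_number($query) + 1,
    ]);
    return '<p>Results for: ' . h($filter) . '</p>'
         . '<a href="' . h($next) . '">Next page</a>';
}

// Constructed sample input containing markup characters, for illustration only.
$query = ['filter' => '"><b>x</b>', 'pg' => '2<i>'];
echo render_news_item(['title' => 'Release <b>3.0.4</b> & "notes"']), "\n";
echo render_search($query), "\n";
```

Encoding at output rather than at input keeps the stored data intact and covers every view that displays the same field, such as the news list and the home page summary.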

