Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | CuteNews Input Validation Holes in HTTP Header Parameters Let Remote Users Conduct Cross-Site Scripting Attacks |
|---|
Categorie: Vulnerability
Posted: 2005-03-02 by ReCall
Views: 353
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
Description: Some vulnerabilities were reported in CuteNews. A remote user can conduct cross-site scripting attacks. A local user can gain elevated privileges.
The software does not properly validate user-supplied input in the 'X-FORWARDED-FOR' and 'CLIENT-IP' variables. A remote user can supply specially crafted inputs to cause HTML code to be injected within the 'comments.txt' file. Then, when the news comments are viewed by a target user, arbitrary scripting code will be executed by the target user's browser. The code will originate from the site running the CuteNews software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
The flaw resides in '/inc/show.inc.php'.
A local user can insert arbitrary PHP code into the 'flood.db.php' file and then invoke the web server (via the localhost interface) to execute the arbitrary code with the privileges of the web service.
The system is vulnerable even if register_globals is set to 'off'.
FraMe of kernelpanik.org reported this vulnerability.
The original advisory (including a demonstration exploit for the local code execution vulnerability) is available at:
http://www.kernelpanik.org/docs/kernelpanik/cutenews.txt
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the vulnerable software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A local user can execute arbitrary PHP code and operating system commands with the privileges of the target web service.
Solution: No solution was available at the time of this entry.
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1396
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
