SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Report a Bug
Report a vulnerability that you have found to SecurityTracker
Questions?
Want to learn about SecurityTracker? We've got answers to frequently asked questions right here
Sign Up!





Category:  Application (Web Server/CGI)  >  XOOPS Vendors:  Xoops.sourceforge.net
XOOPS Portal Software Private Message System Lets Remote Users Execute Javascript on the Recipient's Computer
Date:  Jan 29 2002
Impact:  Execution of arbitrary code via network
Advisory:  iSecureLabs
Version(s): RC1
Description:  iSecureLabs reported a vulnerability in the XOOPS Private Message System. A remote user can cause arbitrary javascript to be executed on the message recipient's computer.

It is reported that a remote user can create a special message for delivery via the Private Message System that will cause arbitrary javascript to be executed on the recipient's computer when the recipient displays the Private Message Box.

According to the report, the user-supplied "Title" field of the Private Message System is not filtered. A remote user can apparently place javascript in this field.
Impact:  A remote user can cause arbitrary javascript to be executed on the recipient's computer.
Solution:  No solution was available at the time of this entry.
Vendor URL:  xoops.sourceforge.net/modules/news/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  Cabezon Aurelien <aurelien.cabezon@iSecureLabs.com>
Message History:   None.

 Source Message Contents
Date:  Tue, 29 Jan 2002 11:38:18 -0500
From:  Cabezon Aurelien <aurelien.cabezon@iSecureLabs.com>
Subject:  Xoops Private Message System Java Script injection

 

Xoops Private Message System Java Script injection ()
Posté le Mardi, janvier 29 @ 16:57:19 CET par acz


XOOPS is an open source portal script written extensively in
object-oriented PHP, backend with MySQL Database.

Xoops offers for members a Private Message System (mail like) that can
be abused in order to execute arbitrary Java Script Code on other
members computer when displaying the Private Message Box.

-- [ Xoops Private Message System Java Script injection ] --

Discovered on 29/01/2002
Vendor: http://xoops.sourceforge.net

-- [ Overview ] --

XOOPS is an open source portal script written extensively in
object-oriented PHP, backend with MySQL Database.

Xoops offers for members a Private Message System (mail like) that can
be abused in order to execute arbitrary Java Script Code on other
members computer when displaying the Private Message Box.

-- [ Description ]--

The variable coming from the field "Title" of the Private Message System
is not checked for bad input. That allow malicious member to executed
JavaScript code on other members computer when displaying the Private
Message Box.

-- [ Exploit ] --

Just input your JavaScript code into title field when composing the
message.  The member who open his Private Messages Box will see a "Test"
Windows Popup.  This JavaScript is not so nasty, but some other can
be... ( stolen cookies, Writing to Registry base under some
circumstances)

JavaScript Can Write Anything to the Windows' Registry
                     http://www.securiteam.com/exploits/5FP080A5FM.html


-- [ Tested Version ] --

Xoops RC1

-- [ Discovered by ] --

Cabezon Aurelien | aurelien.cabezon@iSecureLabs.com
http://www.iSecureLabs.com | French Security portal


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC