SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Forum/Board/Portal)  >   XOOPS
Vendors:   Xoops.sourceforge.net
XOOPS Quizz Module Input Filtering Bug Allows Remote Users to Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1005631
SecurityTracker URL:  http://securitytracker.com/id/1005631
CVE Reference:   CVE-2002-0217
Updated:  Dec 15 2003
Original Entry Date:  Nov 14 2002
Impact:   Disclosure of authentication information, Execution of arbitrary code via network, Modification of user information, User access via network


Description:   An input validation vulnerability was reported in the XOOPS Quizz module. A remote user can conduct cross-site scripting attacks against module users.

It is reported that, if the administrator has permitted users to develop questions, a remote user can insert HTML into a proposed question (in the answer options). Then, when the administrator previews the quiz question, arbitrary scripting code will be executed by the administrator's browser. The code will originate from the site running the vulnerable software and will run in the security context of that site. As a result, the code will be able to access the administrator's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the administrator via web form to the site, or take actions on the site acting as the administrator.

The following demonstration content is provided:

<IMG SRC="javascript:alert('blocus-zone')">

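As an added defensive example (not part of this advisory or of the XOOPS Quizz module; the function names and the sample inputs are constructed here), the following Python shows the two things a preview page should do with a member-proposed answer option: render it as text by HTML-escaping it, and, where the module insists on allowing markup, flag URL-bearing attributes whose scheme is javascript:, as in the demonstration content above.

```python
import html
import re
from html.parser import HTMLParser

# Attributes whose value the browser interprets as a URL (scheme is honoured).
URL_ATTRS = {"src", "href", "lowsrc", "dynsrc", "background", "action"}

class _ScriptUrlFinder(HTMLParser):
    """Collects (tag, attribute, value) for URL attributes using javascript:."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value is not None:
                # Browsers ignore control characters and whitespace ahead of
                # the scheme and match it case-insensitively; normalise the same way.
                scheme = re.sub(r"[\x00-\x20]", "", value).lower()
                if scheme.startswith("javascript:"):
                    self.hits.append((tag, name, value))

def find_script_urls(fragment):
    """Return every javascript: URL attribute found in an HTML fragment.
    html.parser lowercases tag/attribute names and decodes entity-encoded
    attribute values, so '&#106;avascript:' is caught as well."""
    finder = _ScriptUrlFinder()
    finder.feed(fragment)
    finder.close()
    return finder.hits

def escape_answer_option(text):
    """The fix: render a user-supplied option as text, never as markup."""
    return html.escape(text, quote=True)

# Constructed sample inputs; the first is the advisory's demonstration content.
SAMPLES = [
    "<IMG SRC=\"javascript:alert('blocus-zone')\">",
    '<img src="http://example.test/quiz.png" alt="diagram">',
    '<a href=" JaVaScRiPt:alert(1)">answer B</a>',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", find_script_urls(s) or "clean")
        print("  escaped:", escape_answer_option(s))
```
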
The vendor has reportedly been notified.

Impact:   A remote user can access the administrator's cookies (including authentication cookies), if any, associated with the site running the XOOPS Quizz module, access data recently submitted by the administrator via web form to the site, or take actions on the site acting as the administrator.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.xoops.org/modules/news/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  xoops Quizz Module IMG bug

Author: Magistrat
http://www.blocus-zone.com 
magistrat@blocus-zone com 
Date: 11/11/2002
Object: IMG bug in quizz module
risk: Medium-high
advisory url: http://www.blocus-zone.com/modules/news/article.php?storyid=180

-----------------------------------------------------

After having highlighted, with echu.org, an IMG vulnerability in xoops and phpnuke, I found another risk in a different kind of portal, with the quizz module.

Description of quizz :

This is just the module that permits a webmaster to propose quizzes, with good administration in the elaboration of answers/questions and explanations in case of wrong answers. Quiz for xoops is an adaptation of the phpnuke one.

As with the news module of xoops or phpnuke, quizz does not escape the confidentiality problem that arises between a webmaster and his members, because the options of this module permit members to propose questions on-line.

------------------------------------------------------
The vulnerability  :

If the moderator/administrator of this module allows the on-line development of questions, he takes a risk like this:

<IMG SRC="javascript:alert('blocus-zone')"> placed in a multiple-choice answer.

(Note that the code we have presented here is not dangerous; however, there are codes much more malicious for the stealing of the admin cookie.)

To verify the questions elaborated by his members, the moderator or admin goes to visualize the proposal beforehand; a pop-up then creates a page in its final form to give a visualization to the approver of questions/quizzes, and this automatically causes the bug in the browser, without the administrator or the moderator having been able to perceive it beforehand.
------------------------------------------------------

Demonstration and translation on this page :

http://www.blocus-zone.com/modules/news/article.php?storyid=180

xoops as well as the creators of this module have been warned, but to my great disappointment, no answer and no patch was given to me, and this for 1 week now.

Regards
Magistrat

(sorry for my poor English, I'm French)


Copyright 2019, SecurityGlobal.net LLC