PHP-Nuke CookieDecode Cross-Site Scripting Vulnerability
BID:10128
Info
PHP-Nuke CookieDecode Cross-Site Scripting Vulnerability
| Bugtraq ID: | 10128 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2004 12:00AM |
| Updated: | Apr 13 2004 12:00AM |
| Credit: | This issue has been disclosed by Janek Vind "waraxe". |
| Vulnerable: |
Francisco Burzi PHP-Nuke 7.2 Francisco Burzi PHP-Nuke 7.1 Francisco Burzi PHP-Nuke 7.0 FINAL Francisco Burzi PHP-Nuke 7.0 Francisco Burzi PHP-Nuke 6.9 Francisco Burzi PHP-Nuke 6.7 Francisco Burzi PHP-Nuke 6.6 Francisco Burzi PHP-Nuke 6.5 RC3 Francisco Burzi PHP-Nuke 6.5 RC2 Francisco Burzi PHP-Nuke 6.5 RC1 Francisco Burzi PHP-Nuke 6.5 FINAL Francisco Burzi PHP-Nuke 6.5 BETA 1 Francisco Burzi PHP-Nuke 6.5 Francisco Burzi PHP-Nuke 6.0 |
| Not Vulnerable: | |
Discussion
PHP-Nuke CookieDecode Cross-Site Scripting Vulnerability
Reportedly PHP-NuKe is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the 'cookiedecode()' function to properly sanitize user supplied cookie parameters.
These issues could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
Reportedly PHP-NuKe is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the 'cookiedecode()' function to properly sanitize user supplied cookie parameters.
These issues could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
Exploit / POC
PHP-Nuke CookieDecode Cross-Site Scripting Vulnerability
The following proof of concept has been provided:
http://localhost/nuke71/index.php?user=MTo8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmNvb2tpZSk7PC9zY3JpcHQ%2bZm9vYmFy
The following proof of concept has been provided:
http://localhost/nuke71/index.php?user=MTo8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmNvb2tpZSk7PC9zY3JpcHQ%2bZm9vYmFy
Solution / Fix
PHP-Nuke CookieDecode Cross-Site Scripting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PHP-Nuke CookieDecode Cross-Site Scripting Vulnerability
References:
References:
- [waraxe-2004-SA#016] - [ Cross-Site Scripting aka XSS in phpnuke 6.x-7.2 part 3 (Janek Vind "waraxe")
- PHPNuke INP Homepage (PHPNuke INP)