Wirtualna Polska WPKontakt Remote Script Execution Vulnerability
BID:12097
Info
Wirtualna Polska WPKontakt Remote Script Execution Vulnerability
| Bugtraq ID: | 12097 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 23 2004 12:00AM |
| Updated: | Dec 23 2004 12:00AM |
| Credit: | This vulnerability is credited to the Poznan Supercomputing and Networking Center. |
| Vulnerable: |
Wirtualna Polska WPKontakt 3.0.1 |
| Not Vulnerable: |
Wirtualna Polska WPKontakt 3.0.1 p1 |
Discussion
Wirtualna Polska WPKontakt Remote Script Execution Vulnerability
WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. Arbitrary script code may be executed on a target system in the event that a specially message containing a specially malformed email address containing a JavaScript URI is received.
WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. Arbitrary script code may be executed on a target system in the event that a specially message containing a specially malformed email address containing a JavaScript URI is received.
Exploit / POC
Wirtualna Polska WPKontakt Remote Script Execution Vulnerability
An exploit is not required.
The following proof of concept has been provided by Jaroslaw Sajko <[email protected]>:
test@"style="background-image:url(javascript:alert(%22You%20are%20owned!%22>))".wp.pl
An exploit is not required.
The following proof of concept has been provided by Jaroslaw Sajko <[email protected]>:
test@"style="background-image:url(javascript:alert(%22You%20are%20owned!%22>))".wp.pl
Solution / Fix
Wirtualna Polska WPKontakt Remote Script Execution Vulnerability
Solution:
It is reported that WPKontakt version 3.0.1p1 addresses this issue. This has not been confirmed by Symantec. Please contact the vendor before upgrading to the new version.
Solution:
It is reported that WPKontakt version 3.0.1p1 addresses this issue. This has not been confirmed by Symantec. Please contact the vendor before upgrading to the new version.
References
Wirtualna Polska WPKontakt Remote Script Execution Vulnerability
References:
References:
- Scripting vulnerability in WPkontakt (Poznan Supercomputing and Networking Center )