Siteman Page Parameter Cross-Site Scripting Vulnerability
| Bugtraq ID: | 12267 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 14 2005 12:00AM |
| Updated: | Jan 14 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Pedram hayati <[email protected]>. |
| Vulnerable: | Siteman Siteman 1.1.9 |
| Not Vulnerable: | |
Discussion
Siteman is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected Web site and may allow for theft of cookie-based authentication credentials or other attacks.
Exploit / POC
The following examples are available:
http://www.example.com/forum.php?do=viewtopic&cat=1&topic=1&page=1?"><script>alert(document.cookie)</script>
http://www.example.com/news.php?do=showone&id=1&page=1?"><script>alert(document.cookie)</script>
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
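With no vendor patch listed, one way a site operator could close this kind of hole in their own PHP code is shown below as an added example. It is not Siteman source code and not part of the original advisory. The function names are hypothetical, and it assumes the `page` value is reflected inside an HTML attribute, as the `">` prefix in the example URIs suggests.

```php
<?php
// Added example: NOT Siteman source code. All function names are hypothetical.
// Assumption: the "page" value is written back into an HTML attribute.

// Vulnerable pattern: the raw "page" value is concatenated into the markup,
// so a value containing "> closes the attribute and the tag.
function pager_link_unsafe(array $query): string
{
    $page = $query['page'] ?? '1';
    return '<a href="forum.php?do=viewtopic&page=' . $page . '">next</a>';
}

// Hardened pattern, step 1: "page" must be a positive integer.
// Anything else (including arrays such as page[]=1) falls back to page 1.
function parse_page(array $query): int
{
    $page = filter_var(
        $query['page'] ?? '1',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100000]]
    );
    return $page === false ? 1 : $page;
}

// Hardened pattern, step 2: encode for the attribute context on output,
// even though the value has already been validated.
function pager_link_safe(array $query): string
{
    $url = 'forum.php?' . http_build_query([
        'do'   => 'viewtopic',
        'page' => parse_page($query),
    ]);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">next</a>';
}

// Constructed sample input: the "page" value taken from the example URIs above.
$sample = ['page' => '1?"><script>alert(document.cookie)</script>'];
echo pager_link_unsafe($sample), PHP_EOL; // markup is broken out of the attribute
echo pager_link_safe($sample), PHP_EOL;   // invalid value replaced by page 1
echo pager_link_safe(['page' => '3']), PHP_EOL; // legitimate value passes through
```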
References
References:
- Siteman Homepage (Siteman)
- XSS Vulnerability in Siteman v1.1.9 (Pedram hayati)