Nuke Bookmarks Multiple Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 12907 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 26 2005 12:00AM |
| Updated: | Mar 26 2005 12:00AM |
| Credit: | Discovery credited to Gerardo Astharot Di Giacomo <[email protected]>. |
| Vulnerable: | Nuke Bookmarks Nuke Bookmarks 0.6 |
| Not Vulnerable: | |
Discussion
Nuke Bookmarks is prone to multiple cross-site scripting vulnerabilities.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Exploit / POC
No exploit code is required.
The following proof of concept URIs were supplied:
http://www.example.com/modules.php?name=Bookmarks&file=del_cat&catname=[htmlcode]
http://www.example.com/modules.php?name=Bookmarks&file=del_mark&markname=[htmlcode]
http://www.example.com/modules.php?name=Bookmarks&file=edit_cat&catname=[htmlcode]
http://www.example.com/modules.php?name=Bookmarks&file=edit_cat&catcomment=[htmlcode]
http://www.example.com/modules.php?name=Bookmarks&file=marks&catname=[htmlcode]
http://www.example.com/modules.php?name=Bookmarks&file=uploadbookmarks&category=[htmlcode]
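A log check built from the parameter list above, as an added example that is not part of the original advisory: it flags requests to the listed Bookmarks files whose affected parameters decode to HTML markup. The combined access-log format, the sample entries and the function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# file= value -> parameters named in the advisory's proof-of-concept URIs.
AFFECTED = {
    "del_cat": {"catname"},
    "del_mark": {"markname"},
    "edit_cat": {"catname", "catcomment"},
    "marks": {"catname"},
    "uploadbookmarks": {"category"},
}
# Characters that open a tag or break out of a quoted attribute when echoed raw.
MARKUP = re.compile(r'[<>"]')
# Request line of an access-log entry (assumed Apache/nginx combined format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return (file, param, decoded value) for affected parameters carrying markup."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)  # percent-decodes
    if "Bookmarks" not in query.get("name", []):
        return []
    hits = []
    for file_ in query.get("file", []):
        for param in sorted(AFFECTED.get(file_, ())):
            hits += [(file_, param, v) for v in query.get(param, []) if MARKUP.search(v)]
    return hits

def scan_log(lines):
    """Return (line number, file, param, HTML-escaped value) per flagged request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        for file_, param, value in suspicious_params(match.group(1)):
            # Escape before reporting so the finding is inert in an HTML dashboard.
            findings.append((number, file_, param, html.escape(value, quote=True)))
    return findings

# Constructed sample entries (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Mar/2005:10:00:01 +0000] "GET /modules.php?name=Bookmarks&file=marks&catname=Linux HTTP/1.1" 200 5120',
    '198.51.100.9 - - [26/Mar/2005:10:00:05 +0000] "GET /modules.php?name=Bookmarks&file=edit_cat&catcomment=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5340',
    '198.51.100.9 - - [26/Mar/2005:10:00:09 +0000] "GET /modules.php?name=News&file=article&sid=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Only the second entry is reported; the third carries markup but targets a module and parameter the advisory does not list.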
Solution / Fix
Solution:
The vendor has addressed this issue in Nuke Bookmarks 0.7.
Nuke Bookmarks Nuke Bookmarks 0.6
- Nuke Bookmarks Nuke Bookmarks 0.7
  http://prdownloads.sourceforge.net/nukebookmarks/bookmarks-0.7.tgz?download
References
References:
- Home Page (Nuke Bookmarks)
- ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 (Gerardo Astharot Di Giacomo)