PostNuke Phoenix Module Parameter Remote Cross-Site Scripting Vulnerability
BID:13076
Info
PostNuke Phoenix Module Parameter Remote Cross-Site Scripting Vulnerability
| Bugtraq ID: | 13076 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1048 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 08 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | dcrab <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
PostNuke Development Team PostNuke Phoenix 0.760 RC3 |
| Not Vulnerable: |
PostNuke Development Team PostNuke Phoenix 0.750 b |
Discussion
PostNuke Phoenix Module Parameter Remote Cross-Site Scripting Vulnerability
A remote cross-site scripting vulnerability affects PostNuke. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A remote cross-site scripting vulnerability affects PostNuke. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Exploit / POC
PostNuke Phoenix Module Parameter Remote Cross-Site Scripting Vulnerability
The following proof of concept is available:
http://www.example.com/admin.php?module=">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&op=main&POSTNUKESID=355776cfb622466924a7096d4471a480
The following proof of concept is available:
http://www.example.com/admin.php?module=">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&op=main&POSTNUKESID=355776cfb622466924a7096d4471a480
Solution / Fix
PostNuke Phoenix Module Parameter Remote Cross-Site Scripting Vulnerability
Solution:
The vendor has released advisory PNSA 2005-2, along with fixes to address this, and other issues. Please see the referenced advisory for further information.
PostNuke Development Team PostNuke Phoenix 0.760 RC3
Solution:
The vendor has released advisory PNSA 2005-2, along with fixes to address this, and other issues. Please see the referenced advisory for further information.
PostNuke Development Team PostNuke Phoenix 0.760 RC3
-
PostNuke Development Team PNSA 2005-2
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-4 71.html -
PostNuke Development Team PostNuke 0.750 Gold
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-4 11.html
References
PostNuke Phoenix Module Parameter Remote Cross-Site Scripting Vulnerability
References:
References:
- PostNuke Homepage (PostNuke Development Team)
- PostNuke Security Advisory PNSA 2005-2 (PostNuke Development Team)
- Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3 (dcrab