NukeET Base64 Codigo Variable Cross-Site Scripting Vulnerability
BID:13570
Info
NukeET Base64 Codigo Variable Cross-Site Scripting Vulnerability
| Bugtraq ID: | 13570 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 10 2005 12:00AM |
| Updated: | May 10 2005 12:00AM |
| Credit: | Discovery is credited to Suko and Lostmon. |
| Vulnerable: |
Tru-Zone NukeET 3.1 Tru-Zone NukeET 3.0 |
| Not Vulnerable: | |
Discussion
NukeET Base64 Codigo Variable Cross-Site Scripting Vulnerability
NukeET is prone to a cross-site scripting vulnerability.
The source of this issue is that HTML and script code is not properly sanitized from URI variables before being output in a dynamically generated Web page. However, to successfully trigger the issue, HTML and script code may be Base64-encoded when passed as a URI variable argument.
An attacker may exploit the issue by enticing a user to following a link that includes hostile Base64-encoded HTML and script code. The malicious input will be decoded by the application and may then be rendered in the browser of the user who visits the link.
NukeET is prone to a cross-site scripting vulnerability.
The source of this issue is that HTML and script code is not properly sanitized from URI variables before being output in a dynamically generated Web page. However, to successfully trigger the issue, HTML and script code may be Base64-encoded when passed as a URI variable argument.
An attacker may exploit the issue by enticing a user to following a link that includes hostile Base64-encoded HTML and script code. The malicious input will be decoded by the application and may then be rendered in the browser of the user who visits the link.
Exploit / POC
NukeET Base64 Codigo Variable Cross-Site Scripting Vulnerability
The following example was provided:
The following Base64-encoded string is equivalent to <script>alert()</script><h1>XSS PoW@ !!!</h1>:
PHNjcmlwdD5hbGVydCgpPC9zY3JpcHQ+PGgxPlhTUyBQb1dAICEhITwvaDE+
http://www.example.com/security.php?codigo=
PHNjcmlwdD5hbGVydCgpPC9zY3JpcHQ+PGgxPlhTUyBQb1dAICEhITwvaDE+
The following example was provided:
The following Base64-encoded string is equivalent to <script>alert()</script><h1>XSS PoW@ !!!</h1>:
PHNjcmlwdD5hbGVydCgpPC9zY3JpcHQ+PGgxPlhTUyBQb1dAICEhITwvaDE+
http://www.example.com/security.php?codigo=
PHNjcmlwdD5hbGVydCgpPC9zY3JpcHQ+PGgxPlhTUyBQb1dAICEhITwvaDE+
Solution / Fix
NukeET Base64 Codigo Variable Cross-Site Scripting Vulnerability
Solution:
The vendor has allegedly released a patch to address this issue at:
http://www.truzone.org/modules.php?name=Projet&op=getit&iddow=77
This page is only accessible to registered users. Symantec has not confirmed the applicability of the patch. This issue may have also been addressed in version 3.2, however, this is also unconfirmed. Affected users are advised to contact the vendor.
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
The vendor has allegedly released a patch to address this issue at:
http://www.truzone.org/modules.php?name=Projet&op=getit&iddow=77
This page is only accessible to registered users. Symantec has not confirmed the applicability of the patch. This issue may have also been addressed in version 3.2, however, this is also unconfirmed. Affected users are advised to contact the vendor.
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
NukeET Base64 Codigo Variable Cross-Site Scripting Vulnerability
References:
References:
- NukeET 'codigo' variable cross site scripting (Lostmon)
- Vendor Homepage (Tru-Zone)