GNUTurk Mods.PHP Cross Site Scripting Vulnerability

Bugtraq ID:	24152
Class:	Input Validation Error
CVE:	CVE-2007-2879
Remote:	Yes
Local:	No
Published:	May 25 2007 12:00AM
Updated:	May 07 2015 05:37PM
Credit:	This vulnerability was discovered by Vagrant.
Vulnerable:	GNUTURK GNUTURK 3G
Not Vulnerable:

GNUTurk Mods.PHP Cross Site Scripting Vulnerability

Gnuturk is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Gnuturk 3G is vulnerable to this issue.

GNUTurk Mods.PHP Cross Site Scripting Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.

The following proof-of-concept URI is available:

• /data/vulnerabilities/exploits/24152.html

GNUTurk Mods.PHP Cross Site Scripting Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

GNUTurk Mods.PHP Cross Site Scripting Vulnerability

References:

• GNUTURK Homepage (GNUTURK)
  
• GTP 3G © Gnuturk Portal System year=**&month= Cross-Site Scripting Vulnerability ('vagrant - e-hack.org' )