PHP-Nuke Modules.php Multiple Cross-Site Scripting Vulnerabilities
BID:9879
Info
PHP-Nuke Modules.php Multiple Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 9879 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2004 12:00AM |
| Updated: | Mar 15 2004 12:00AM |
| Credit: | Discovery is credited to Janek Vind <[email protected]>. |
| Vulnerable: |
Francisco Burzi PHP-Nuke 7.1 |
| Not Vulnerable: | |
Discussion
PHP-Nuke Modules.php Multiple Cross-Site Scripting Vulnerabilities
It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search' fields of 'modules.php' script. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
PHP-Nuke 7.1.0 has been reported to be prone to these issues, however, it is possible that other versions are affected as well. These issues are undergoing further analysis. These issues will be separated into individual BIDs once analysis is complete.
It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search' fields of 'modules.php' script. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
PHP-Nuke 7.1.0 has been reported to be prone to these issues, however, it is possible that other versions are affected as well. These issues are undergoing further analysis. These issues will be separated into individual BIDs once analysis is complete.
Exploit / POC
PHP-Nuke Modules.php Multiple Cross-Site Scripting Vulnerabilities
No exploit is required.
The following proof of concept has been supplied:
http://www.example.com/nuke71/modules.php?name=Recommend_Us&op=SiteSent&fname=>[xss code here]
http://www.example.com/nuke71/modules.php?name=Downloads&d_op=TopRated&ratenum=>[xss code here]&ratetype=x
More exploitation techniques are available in the message reference.
No exploit is required.
The following proof of concept has been supplied:
http://www.example.com/nuke71/modules.php?name=Recommend_Us&op=SiteSent&fname=>[xss code here]
http://www.example.com/nuke71/modules.php?name=Downloads&d_op=TopRated&ratenum=>[xss code here]&ratetype=x
More exploitation techniques are available in the message reference.
Solution / Fix
PHP-Nuke Modules.php Multiple Cross-Site Scripting Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PHP-Nuke Modules.php Multiple Cross-Site Scripting Vulnerabilities
References:
References:
- PHP-Nuke Product Page (Francisco Burzi)
- [waraxe-2004-SA#005 - XSS in Php-Nuke 7.1.0 - part 2] (Janek Vind