
[PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability




Date: 2005 February
Bug Number: 06

paNews is a news management script to use on your site. Users can use paCode, a
special code designed to allow adding images and font changes in posts without
allowing users to use HTML to post harmful things such as JavaScript and
applets. It has several other features that make adding entries and controlling
it easy.
More info @:
http://www.phparena.net/panews.php


Discussion:
--------------------
An XSS vulnerability in 'comments.php' may allow a remote user to launch 
cross-site scripting attacks.

This issue could permit a remote attacker to create a malicious URI link that 
includes hostile HTML and script code. If this link were to be followed, the 
hostile code may be rendered in the web browser of the victim user. This would 
occur in the security context of the affected Web site and may allow for theft 
of cookie-based authentication credentials or other attacks.

This vulnerability is reported to exist in paNews version 2.0b4; other versions 
might also be affected.

Exploit:
--------------------
http://www.example.com/comments.php?op=view&newsid=1&showpost=";><h1>AttackerXSSvulnerable<!--


Example:
--------------------
On the author's website:
http://demo.phparena.net/panews/comments.php?op=view&newsid=73&showpost=";><h1>AttackerXSSvulnerable<!--

Solution:
--------------------
Validate the 'showpost' value with PHP pattern matching before displaying it.
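
One way to apply this check, as an added example that is not part of the original advisory or of paNews itself. It assumes 'showpost' is a numeric post id that is reflected into an HTML attribute; parse_showpost, html_attr and render_showpost_field are hypothetical names.

```php
<?php
// Added example, not paNews code. Assumption: 'showpost' is a numeric post id
// that comments.php echoes into an HTML attribute value.

/**
 * Return the post id as an int, or null when the value is not 1-9 decimal digits.
 */
function parse_showpost($raw): ?int
{
    // Reject arrays (?showpost[]=1) and anything that is not a plain string.
    if (!is_string($raw)) {
        return null;
    }
    // \A and \z anchor the whole string; "$" alone would accept a trailing newline.
    if (preg_match('/\A[0-9]{1,9}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

/** Encode a value for an HTML attribute or text context (second layer of defence). */
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the markup that reflects the id (hypothetical hidden form field). */
function render_showpost_field($raw): string
{
    $id = parse_showpost($raw);
    if ($id === null) {
        return '<!-- invalid showpost ignored -->';
    }
    return '<input type="hidden" name="showpost" value="' . html_attr((string) $id) . '">';
}

// Constructed sample inputs; the third is the value from the Exploit section.
$samples = ['12', '007', '";><h1>AttackerXSSvulnerable<!--', "12\n", ['1']];
foreach ($samples as $raw) {
    echo render_showpost_field($raw), PHP_EOL;
}
// In comments.php the call would be: render_showpost_field($_GET['showpost'] ?? null);
```

Only the first two samples produce a form field; the value from the Exploit section, the newline-terminated string and the array are all rejected before any output is built.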


Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by Pi3cH (pi3ch persianhacker net)
http://www.PersianHacker.NET

Special Thanks: our security team users.


Help
--------------------
Read our whitepaper about XSS vulnerabilities (available only in Farsi):
http://www.persianhacker.net/articles/article-2322.html
visit: http://www.PersianHacker.NET
or mail me @: pi3ch persianhacker net


Note
--------------------
The script's authors were not contacted about this bug.
Our English article about XSS vulnerabilities will be available soon.