[PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability
From: PersianHacker Team <pi3ch@xxxxxxxxx>
Date: 16 Feb 2005 09:20:46 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


[PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability
Date: 2005 February
Bug Number: 06

paNews
is a news management script to use on your site. Users can use paCode, special 
code designed to allow the adding of images and font changes in the posts 
without allowing users to use HTML to post harmful things such as Java scripts 
and applets. It has several other features making adding entries and 
controlling it easily.
More info @:
http://www.phparena.net/panews.php


Discussion:
--------------------
XSS Vulnerability in 'comment.php' that may allow a remote user to launch 
cross-site scripting attacks.

This issue could permit a remote attacker to create a malicious URI link that 
includes hostile HTML and script code. If this link were to be followed, the 
hostile code may be rendered in the web browser of the victim user. This would 
occur in the security context of the affected Web site and may allow for theft 
of cookie-based authentication credentials or other attacks.

This vulnerability is reported to exist in paNews version 2.0b4, other versions 
might also be affected. 

Exploit:
--------------------
http://www.example.com/comments.php?op=view&newsid=1&showpost=";><h1>AttackerXSSvulnerable<!--


Example:
--------------------
@ authors website!
http://demo.phparena.net/panews/comments.php?op=view&newsid=73&showpost=";><h1>AttackerXSSvulnerable<!--

Solution:
--------------------
check 'showpost' value with PHP patterns then view it.


Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by Pi3cH (pi3ch persianhacker net)
http://www.PersianHacker.NET

Special Thanks: our security team users.


Help
--------------------
Read our whitepaper about XSS Vulnerability (only in FARSI language):
http://www.persianhacker.net/articles/article-2322.html
visit: http://www.PersianHacker.NET
or mail me @: pi3ch persianhacker net


Note
--------------------
Scripts authors were not be contacted for this bug.
Our english article about XSS Vulnerability available   soon.

Prev by Date: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Next by Date: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
Previous by thread: RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction
Next by thread: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
Index(es):
- Date
- Thread