[PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability
[PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability
Date: 2005 February
Bug Number: 06
paNews
is a news management script to use on your site. Users can use paCode, special
code designed to allow the adding of images and font changes in the posts
without allowing users to use HTML to post harmful things such as Java scripts
and applets. It has several other features making adding entries and
controlling it easily.
More info @:
http://www.phparena.net/panews.php
Discussion:
--------------------
XSS Vulnerability in 'comment.php' that may allow a remote user to launch
cross-site scripting attacks.
This issue could permit a remote attacker to create a malicious URI link that
includes hostile HTML and script code. If this link were to be followed, the
hostile code may be rendered in the web browser of the victim user. This would
occur in the security context of the affected Web site and may allow for theft
of cookie-based authentication credentials or other attacks.
This vulnerability is reported to exist in paNews version 2.0b4, other versions
might also be affected.
Exploit:
--------------------
http://www.example.com/comments.php?op=view&newsid=1&showpost="><h1>AttackerXSSvulnerable<!--
Example:
--------------------
@ authors website!
http://demo.phparena.net/panews/comments.php?op=view&newsid=73&showpost="><h1>AttackerXSSvulnerable<!--
Solution:
--------------------
check 'showpost' value with PHP patterns then view it.
Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by Pi3cH (pi3ch persianhacker net)
http://www.PersianHacker.NET
Special Thanks: our security team users.
Help
--------------------
Read our whitepaper about XSS Vulnerability (only in FARSI language):
http://www.persianhacker.net/articles/article-2322.html
visit: http://www.PersianHacker.NET
or mail me @: pi3ch persianhacker net
Note
--------------------
Scripts authors were not be contacted for this bug.
Our english article about XSS Vulnerability available soon.