[VIM] AlstraSoft Web Host Directory XSS issue probably non-admin
Steven M. Christey
coley at mitre.org
Thu May 25 20:53:03 EDT 2006
Ref:
BUGTRAQ:20060523 AlstraSoft Web Host Directory v1.2
http://www.securityfocus.com/archive/1/archive/1/434912/100/0/threaded
Researcher says:
Input data isn't filtered in the write-a-review box. This in turn
can cause an XSS. For proof of concept, just try putting [XSS] in
as the review text and then log in as the admin and view your
review. Reviews have an option to be auto-approved too.
Some vuln DBs appear to have omitted this, possibly due to the mention
"log in as the admin and view your review." A more plausible
scenario is a regular user who writes a review, which is then approved
by the admin, theoretically triggering the XSS when the admin
moderates the review. Or, the auto-approve might inject the XSS
without moderator review.
Note here:
http://www.alstrasoft.com/webhost.htm
has "User Functions" which include "View/Post reviews for a hosting
company". Given there's a separate section on "Admin Functions," I
would say that the XSS appears to be non-admin.
That's the interpretation I'm going with anyway; no idea whether the
original report was correct in the first place.
- Steve
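The two exposure paths Steve sketches (the admin hits the payload while moderating, or auto-approve pushes it straight to every visitor) as an added example; this is not code from the original post or from AlstraSoft's product. It is a Python model of a review store with the vulnerable rendering beside the hardened one; the store class, the probe string and the function names are assumptions made for illustration.

```python
import html

# Constructed probe string for a stored-XSS check (not from the advisory).
PROBE = '<script>alert(1)</script>'


class ReviewStore:
    """Hypothetical review queue: submit, approve, list pending or approved."""

    def __init__(self, auto_approve=False):
        self.auto_approve = auto_approve
        self.reviews = []

    def submit(self, author, text):
        # Stored verbatim: no input filtering, as the researcher describes.
        self.reviews.append({"author": author, "text": text,
                             "approved": self.auto_approve})
        return len(self.reviews) - 1

    def approve(self, idx):
        self.reviews[idx]["approved"] = True

    def pending_reviews(self):
        # What the admin sees in the moderation queue.
        return [r for r in self.reviews if not r["approved"]]

    def public_reviews(self):
        # What every visitor sees on the hosting company's page.
        return [r for r in self.reviews if r["approved"]]


def render_vulnerable(reviews):
    # Interpolates stored text straight into HTML: the flaw being discussed.
    return "\n".join(
        f'<div class="review"><b>{r["author"]}</b>: {r["text"]}</div>'
        for r in reviews)


def render_hardened(reviews):
    # Same template, but every user-controlled value is HTML-escaped for
    # text content. (An attribute or <script> context would need its own
    # encoding; html.escape alone is not enough there.)
    return "\n".join(
        f'<div class="review"><b>{html.escape(r["author"])}</b>: '
        f'{html.escape(r["text"])}</div>'
        for r in reviews)


def payload_survives(rendered_html, probe=PROBE):
    # A probe that reaches the page byte-for-byte is an XSS; an escaped
    # copy ("&lt;script&gt;...") is not.
    return probe in rendered_html


def who_is_exposed(auto_approve, renderer):
    """Return the viewers who get the probe unescaped, in order:
    'admin' via the moderation queue, 'public' via the approved listing."""
    store = ReviewStore(auto_approve=auto_approve)
    idx = store.submit("anon", PROBE)
    exposed = []
    # Path 1: admin opens the moderation queue (only exists without auto-approve).
    if payload_survives(renderer(store.pending_reviews())):
        exposed.append("admin")
    # Assume the admin approves it without noticing; with auto-approve
    # this step never happens at all.
    if not auto_approve:
        store.approve(idx)
    # Path 2: anyone views the approved reviews.
    if payload_survives(renderer(store.public_reviews())):
        exposed.append("public")
    return exposed


if __name__ == "__main__":
    for auto in (False, True):
        for name, fn in (("vulnerable", render_vulnerable),
                         ("hardened", render_hardened)):
            print(f"auto_approve={auto} {name}: {who_is_exposed(auto, fn)}")
```

The output answers the question the vuln DBs tripped over: with the vulnerable renderer and moderation on, the admin is hit first and the public afterwards; with auto-approve, the admin moderation step is skipped and the payload reaches visitors directly, so an admin login is never required. Escaping on output closes both paths without touching the submission side.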