Workboard input validation error in task_id variable and project_id variable

Friday, December 17, 2004

#########################################
Work board input validation error in
task_id variable and project_id variable
lets remote users perform XSS attacks
vendor: http://www.burnwave.com/modules.php?name=Archives&op=info&did=15

Developer: Michael Squires
vendor notified: yes (MSN conversation)
exploit included: yes
original advisory: http://lostmon.blogspot.com/2004/12/workboard-input-validation-error-in.html
OSVDB ID: 12504
Secunia: SA13574
##########################################


WorkBoard is a project/task manager used primarily for software development
(in this case, PHP, but it can also be used for non-software projects).
The script has two input validation errors, and a remote user can conduct
cross-site scripting (XSS) attacks through them.

The flaw is in the 'project_id' variable:


http://[target]/modules.php?name=WorkBoard&file=project&project_id=3[XSS_code]

http://[target]/modules.php?name=WorkBoard&file=project&project_id=2%3Cbody%3E%3Cp%3E%3Ch1%3EWorkboard+XSS%20Pow@!!+%21%21%21+lostmon+was+here+%3AD%3C/h1%3E

The same flaw affects the 'task_id' variable:


http://[target]/modules.php?name=Work_Board&op=Task&task_id=7[XSS_code]

http://[target]/modules.php?name=Work_Board&op=Task&task_id=5%3Cbody%3E%3Cp%3E%3Ch1%3EWorkboard+XSS%20Pow@!!+%21%21%21+lostmon+was+here+%3AD%3C/h1%3E

I'm speaking with the developer by MSN conversation....
but he is not interested in fixing it ????
:///

Sincerely,

Lostmon (lostmon@gmail.com)


Thanks to Estrella for being my light

Thanks to all who believed in me




--

Curiosity is what moves the mind.



=============================================

Conversation with the developer by MSN

==================================================

No interest in fixing it ??? :O


X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com ...\\----X says:

hello !

Burnwave Ltd || Oh no! I forgot my voicemail passcode. Thanks IBM Help! says:

Yes?

X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com ...\\----X says:

hello you are the developer of

X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com ...\\----X says:

workboard ?

Burnwave Ltd || Oh no! I forgot my voicemail passcode. Thanks IBM Help! says:

yes, I am.

X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com ...\\----X says:

okis i have found 2 possible flaws

X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com ...\\----X says:

in your work

X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com ...\\----X says:

in 2 variables

Burnwave Ltd || Oh no! I forgot my voicemail passcode. Thanks IBM Help! says:

unfortunately I do NOT support my free scripts

Burnwave Ltd || Oh no! I forgot my voicemail passcode. Thanks IBM Help! says:

thanks for reading

Burnwave Ltd || Oh no! I forgot my voicemail passcode. Thanks IBM Help! says:

if you want an updated version of workboard, go to nukescripts.net.

Burnwave Ltd || Oh no! I forgot my voicemail passcode. Thanks IBM Help! says:

thanks

X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com ...\\----X says:

no like toi see ?



The following message could not be delivered to all recipients:

no like toi see ?






POSSIBLE FIX

In both cases the id has to be cast to an integer before it is used to
build the page title, so that nothing but the number reaches the output.

For variable project_id

search: $project_id = intval($project_id);

change for:

case "Project":
    $project_id = intval($project_id);
    $pagetitle = ": "._MODULE_PROJECT_TITLE."$project_id";


For variable task_id

search: $task_id = intval($task_id);

change for:

case "task":
    $task_id = intval($task_id);
    $pagetitle = ": "._MODULE_PROJECT_TITLE."$task_id";
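The same idea as the fix above, written as an added example (not WorkBoard's own code, and the handler shape is assumed): the id is validated before anything is emitted, and the example goes one step further than intval() by rejecting any value that is not a plain decimal integer, then HTML-escapes the title on output as well.

```php
<?php
// Added example, not WorkBoard's own code. Shows how a handler for
// modules.php?name=WorkBoard&file=project&project_id=... (or op=Task
// &task_id=...) can validate the id before anything reaches the page.
declare(strict_types=1);

// Return the id as int, or null when the raw value is not a plain
// decimal integer. Stricter than intval(): "3<body>" is rejected
// outright instead of being silently truncated to 3.
function parse_id_param(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    if (preg_match('/\A[1-9][0-9]{0,9}\z/', $query[$name]) !== 1) {
        return null;
    }
    return (int) $query[$name];
}

// Build the page title (as the advisory's fix does) from the validated
// id only, and HTML-escape it as a second line of defence.
function page_title(string $label, int $id): string
{
    return htmlspecialchars(": {$label} {$id}", ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed query strings: two normal requests and the advisory's
// two XSS payloads (shortened).
$samples = [
    'project_id=3',
    'project_id=2%3Cbody%3E%3Cp%3E%3Ch1%3EWorkboard+XSS%3C/h1%3E',
    'task_id=7',
    'task_id=5%3Cbody%3E%3Ch1%3Elostmon+was+here%3C/h1%3E',
];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    $name  = isset($query['project_id']) ? 'project_id' : 'task_id';
    $label = $name === 'project_id' ? 'Project' : 'Task';
    $id    = parse_id_param($query, $name);
    if ($id === null) {
        // Reject (HTTP 400) rather than rendering user-controlled text.
        echo "{$name}: rejected\n";
        continue;
    }
    echo page_title($label, $id), "\n";
}
```

Running it prints the two escaped titles for the valid ids and "rejected" for both payload requests, since neither survives the integer check.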


Bug found by: Lostmon (lostmon@gmail.com)

Fix by Lmc and Suko, http://spanishwebmaster.com


Sincerely,
Lostmon (lostmon@gmail.com)
Thanks to Suko & Lmc
 
