Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Xoops RC3 script injection vulnerability

Xoops RC3 script injection vulnerability

by Nikola Strahija on September 24th, 2002 "XOOPS is a dynamic OO (Object Oriented) based open source portal script written in PHP. XOOPS is the ideal tool for developing small to large dynamic community websites, intra company portals, corporate portals, weblogs and much more." dixit vendor website.


Tested version
==============
Xoops RC3.0.4, current version (maybe previous versions are also vulnerables).


Description
============
The problem appears when a user post a news, a vulnerability exists in Xoops
RC3 that allow a typical IMG attack against visitors :




The problem
===========
A badly disposed member can propose a news containing code (for une news
containing code sample of a new vulnerability for example) and if webmasters or
moderators don't take care, they will approve the news.


Vendor status
=============
I wanted to inform someone from Xoops.org but the website wasn't available, so
I informed the French team. They weren't aware of this problem so they
transmitted it to the Dev Team. The Dev Team had already located the
vulnerability which is not specific to Xoops but with much of scripts.
In future version, a new filter will be inserted in the textsanitizer to avoid
even more this risk.


Solution
========
There's no secure release of Xoops, so the unique solution is, at this moment
to disable Html in each post, to avoid the problem.


Links
=====
Vendor: http://www.xoops.org
Vendor French team: http://www.frxoops.org

This vulnerability's orginal paper can be found here:
http://www.echu.org/modules/news/article.php?storyid=95


------------------------------
David Suzanne (aka dAs)
[email protected]
http://www.echu.org



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »