-- [ Xoops Private Message System Script injection ] --

Discovered on 29/01/2002
Vendor: http://xoops.sourceforge.net

-- [ Overview ] --

XOOPS is an open source portal script written extensively in object-oriented PHP, with a MySQL database backend. Xoops offers members a Private Message System (mail-like) that can be abused to execute arbitrary JavaScript code on other members' computers when the Private Message Box is displayed.

-- [ Description ] --

The variable coming from the "Title" field of the Private Message System is not checked for bad input. This allows a malicious member to execute JavaScript code on other members' computers when the Private Message Box is displayed.

-- [ Exploit ] --

Just input your JavaScript code into the title field when composing the message.

The member who opens his Private Messages Box will see a "Test" window popup. This JavaScript is not so nasty, but some others can be... (stolen cookies, writing to the Registry under some circumstances).

For example:
JavaScript Can Write Anything to the Windows' Registry
http://www.securiteam.com/exploits/5FP080A5FM.html

-- [ Tested Version ] --

Xoops RC1

-- [ Discovered by ] --

Cabezon Aurelien | aurelien.cabezon@iSecureLabs.com
http://www.iSecureLabs.com | French Security portal
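
The missing check described above, as an added example (not XOOPS code and not part of the advisory): a private-message inbox row rendered with the stored title written out raw, next to the same row with output encoding applied. The function names, array keys, the readpm.php link and the sample messages are assumptions constructed for illustration.

```php
<?php
// Added example, not XOOPS code. All names below are hypothetical.

/** Vulnerable pattern: stored fields are concatenated into HTML as-is. */
function render_inbox_row_unsafe(array $msg): string
{
    return '<tr><td>' . $msg['from'] . '</td><td><a href="readpm.php?id='
        . $msg['id'] . '">' . $msg['title'] . "</a></td></tr>\n";
}

/** Encode a value for use in HTML text or a quoted attribute. */
function h(string $s): string
{
    // ENT_QUOTES also encodes ' and ", ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: encode at output time, cast numeric ids. */
function render_inbox_row_safe(array $msg): string
{
    return '<tr><td>' . h($msg['from']) . '</td><td><a href="readpm.php?id='
        . (int) $msg['id'] . '">' . h($msg['title']) . "</a></td></tr>\n";
}

/** True if markup supplied by the sender survives into the rendered row. */
function contains_live_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed sample inbox: one ordinary title, one carrying markup.
$inbox = [
    ['id' => 1, 'from' => 'alice',   'title' => 'Meeting at 5 & dinner'],
    ['id' => 2, 'from' => 'mallory', 'title' => '<script>alert("Test")</script>'],
];

foreach ($inbox as $msg) {
    $unsafe = render_inbox_row_unsafe($msg);
    $safe   = render_inbox_row_safe($msg);
    printf(
        "id=%d raw output has live script: %s | encoded output has live script: %s\n",
        $msg['id'],
        contains_live_script($unsafe) ? 'yes' : 'no',
        contains_live_script($safe) ? 'yes' : 'no'
    );
    echo $safe;
}
```

Encoding on output rather than stripping tags on input keeps the stored title intact and still protects every page that displays it.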