Unsanitized Input in addlist.php

vendor:

by:

Unknown

5.5

CVSS

MEDIUM

Cross-Site Scripting (XSS)

CWE

Product Name:

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows Vista

Unknown

Unsanitized Input in addlist.php

The addlist.php file in the newsletter/admin directory of the server application does not properly sanitize the user-supplied input. This allows an attacker to inject malicious code, such as a script tag, which can be executed by other users visiting the page. In this specific case, the vulnerability allows an attacker to execute arbitrary JavaScript code and potentially steal cookies or perform other malicious actions on behalf of the user.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques. Specifically, in this case, the server-side code should sanitize and validate the user-supplied input before using it in database queries or rendering it in HTML responses.

Source

Exploit-DB raw data:

#################################################################
#
# Tested On: Windows Vista
# Note: For educational purposes only
#
#################################################################

There’s probably a lot more vulnerabilities in their web apps, but 
I could not even get them to work out of the box..

http://server/newsletter/admin/addlist.php
Look no sanitization:

8<-------snip---------8<

if(isset($_POST['submit'])) 
   {
     $list=$_POST['list'];
     if(strlen($list)<1)
     {
       print "You did not enter the name of the email list.";
     }
     else
     {
       $addemail="Insert into m_newsletters(newslettername) values('$list')";
       mysql_query($addemail) or die("Could not add list");
       print "List added.";

     }

8<-------snip---------8<

POC POST request:
list=<script>alert('i could get your cookie')</script>&submit=submit