Viscacha 0.8 Gold persistant XSS vulnerability

vendor:

Viscacha

by:

mr_me

8.8

CVSS

HIGH

Persistant XSS

CWE

Product Name: Viscacha

Affected Version From: Viscacha 0.8 Gold

Affected Version To: Viscacha 0.8 Gold

Patch Exists: Unknown

Related CWE: N/A

CPE: a:viscacha:viscacha:0.8_gold

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows Vista

Unknown

Viscacha 0.8 Gold persistant XSS vulnerability

A regular user of the board can embed javascript code that could be executed within the context of the admin's browser. If the user edits their own profile by going to "http://[server]/viscacha/editprofile.php?action=profile" and places "<script>alert(document.cookie)</script>" into the instant messenger fields and then gives the following link to the admin: http://[server]/viscacha/profile.php?action=ims&type=msn&id=1 The user could potentially log the admins cookie and reset their own session thus gaining administration access.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.

Source

Exploit-DB raw data:

#################################################################
#
# Viscacha 0.8 Gold persistant XSS vulnerability
# Found By: mr_me
# Download: http://www.viscacha.org/
# Tested On: Windows Vista
# Note: For educational purposes only
#
#################################################################

POC Info:

A regular user of the board can embed javascript code that could be executed within the context of the admin's browser.
If the user edits their own profile by going to "http://[server]/viscacha/editprofile.php?action=profile"
and places "<script>alert(document.cookie)</script>"
into the instant messenger fields and then gives the following link to the admin:

http://[server]/viscacha/profile.php?action=ims&type=msn&id=1

The user could potentially log the admins cookie and reset their own session thus gaining administration access.