|
Geeklog Cross Site Scripting and Weak Session Control
|
|
Secunia Advisory:
|
SA9966
|
|
|
Release Date:
|
2003-10-08
|
|
Popularity:
|
5,213 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Geeklog 1.x
Geeklog 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Multiple vulnerabilities have been reported in Geeklog allowing malicious people to conduct Cross Site Scripting and retrieve password hashes.
Geeklog stores the password hash in cookies to verify if users are logged in. This could expose the password if Cross Site Scripting vulnerabilities exist.
Logged in users do not need to supply the old password to change it. This is not regarded as a vulnerability, but it is an inappropriate way to handle password changes.
While most functions in the forum do filter out normal "<SCRIPT>" tags, it is still possible to inject script using HTML parameters.
Example:
<img src="javascript:alert()">
Solution:
Edit the source code so that input is properly validated or use a different product.
Provided and/or discovered by:
jelmer
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
