FlatNuke Cross Site Scripting and PHP File Inclusion Vulnerabilities


Description   Multiple vulnerabilities were identified in FlatNuke, which may be exploited by remote attackers to compromise a vulnerable server, conduct cross site scripting attacks or cause a denial of service.
- The first flaw is due to an input validation error when handling the "Referer" HTTP header, a value any remote client controls, which may be exploited by an unauthenticated remote attacker to execute arbitrary PHP code (and therefore commands) with the privileges of the web server.
- The second vulnerability is due to an input validation error in the "help.php" and "footer.php" files when handling a specially crafted "border" or "back" parameter, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.
- The third issue is due to an infinite loop in the "foot_news.php" file when called directly via the browser, which may be exploited by attackers to cause a denial of service.
- The fourth flaw is due to an input validation error in the "thumb.php" file when handling a specially crafted "image" parameter, which may be exploited to conduct directory traversal attacks or to disclose the installation path.
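Because the Vulnerability Manager entry below does not detect this issue, the practical check is to look for the four request shapes above in the web server's access log. The following Python script is an added example, not part of the advisory and not FlatNuke code: it parses Apache "combined" log lines (constructed sample traffic, not a real capture), decodes the query string (repeatedly, to catch double-encoded evasion), and flags each of the four flaws. The payload shapes are assumptions drawn from the descriptions above: the advisory does not say what the "Referer" payload looks like, so a PHP open tag is used as the indicator; "border"/"back" are checked for markup or script; "image" is checked for ".." path segments; and any access-log hit for foot_news.php is treated as a direct call, since a server-side include never produces its own access-log line.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache "combined" format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Jun/2005:10:01:12 +0200] "GET /flatnuke/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Jun/2005:10:01:40 +0200] "GET /flatnuke/thumb.php?image=../../../../etc/passwd HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Jun/2005:10:02:03 +0200] "GET /flatnuke/help.php?border=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Jun/2005:10:02:15 +0200] "GET /flatnuke/foot_news.php HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.2 - - [07/Jun/2005:10:03:00 +0200] "GET /flatnuke/index.php HTTP/1.1" 200 5120 "<?php system($_GET['c']); ?>" "Mozilla/5.0"
198.51.100.7 - - [07/Jun/2005:10:03:30 +0200] "GET /flatnuke/footer.php?back=index.php HTTP/1.1" 200 900 "http://example.org/" "Mozilla/5.0"
"""

# Apache "combined" log format: ip ident user [ts] "req" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicator patterns (assumptions, see lead-in): a ".." path segment,
# HTML/script markup, and a PHP open tag.
TRAVERSAL = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')
MARKUP = re.compile(r'[<>]|javascript:|on\w+\s*=', re.I)
PHP_TAG = re.compile(r'<\?')


def deep_unquote(value, rounds=3):
    """Percent-decode until stable, so %253C (double-encoded '<') is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec['target'])
    rec['path'] = url.path
    # parse_qs already decodes one layer; deep_unquote is applied per check.
    rec['params'] = parse_qs(url.query, keep_blank_values=True)
    return rec


def check_record(rec):
    """Return [(rule, detail), ...] for the four FlatNuke 2.5.3 issues."""
    hits = []
    script = rec['path'].rsplit('/', 1)[-1].lower()
    params = rec['params']
    # 1. PHP code injection through the Referer header (payload shape assumed).
    if PHP_TAG.search(deep_unquote(rec['referer'])):
        hits.append(('referer-php-injection', rec['referer']))
    # 2. Reflected XSS via "border"/"back" in help.php and footer.php.
    if script in ('help.php', 'footer.php'):
        for name in ('border', 'back'):
            for value in params.get(name, []):
                if MARKUP.search(deep_unquote(value)):
                    hits.append((f'xss-{name}', value))
    # 3. foot_news.php requested directly (an include leaves no access-log line).
    if script == 'foot_news.php':
        hits.append(('foot_news-direct-call', rec['target']))
    # 4. Directory traversal through thumb.php "image".
    if script == 'thumb.php':
        for value in params.get('image', []):
            if TRAVERSAL.search(deep_unquote(value)):
                hits.append(('thumb-traversal', value))
    return hits


def scan_log(text):
    """Scan a whole log; returns one dict per hit, in log order."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line) if line.strip() else None
        if rec is None:
            continue
        for rule, detail in check_record(rec):
            findings.append({'ip': rec['ip'], 'ts': rec['ts'], 'rule': rule,
                             'target': rec['target'], 'detail': detail})
    return findings


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['rule']}: {hit['detail']}")
```

Run it against a real access log by passing the file contents to `scan_log`. The "foot_news-direct-call" rule is noisy by design (a status of 500 or a timed-out request is the strongest sign of the loop), and the Referer rule only sees what the web server logged, so a Referer that exceeds the log field or contains a double quote may be escaped or truncated differently depending on the Apache version.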
     
Vulnerable Products   Vulnerable Software:
FlatNuke version 2.5.3 and prior
     
Solution   Upgrade to FlatNuke version 2.5.4 : http://sourceforge.net/project/showfiles.php?group_id=93076&package_id=98622
     
CVE  
     
References   http://www.secwatch.org/advisories/secwatch/20050604_flatnuke.txt
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm | Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL | 3.2.0
XSS - Prevention - POST : suspicious tag with event found in data | 3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL | 3.2.0
XSS - Prevention - GET : javascript code in flash clickTAG parameter | 3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data | 3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data | 3.2.0
XSS - Prevention - POST : 'location' javascript object found in data | 3.2.0
XSS - Phishing : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL | 3.2.0
XSS - Prevention - POST : javascript code found in data | 3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data | 3.2.0
XSS - Prevention - POST : code allowing cookie access found in data | 3.2.0
XSS - Phishing : suspicious 'a' tag found in URL | 3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'form' tag found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data | 3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data | 3.2.0
XSS - Prevention - GET : javascript code found in URL | 3.2.0
XSS - Prevention - GET : 'script' tag in flash clickTAG parameter | 3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data | 3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'link' tag found in URL | 3.2.0
XSS - Prevention - GET : 'script' tag found in URL | 3.2.0
XSS - Prevention - POST : 'script' tag found in data | 3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data | 3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL | 3.2.0
     
Risk level   High

Vulnerability First Public Report Date   2005-06-07

Target Type   Server

Possible exploit   Local & Remote