RadBids Gold faq.php and index.php scripts cross-site scripting

radbids-gold-php-xss (20038) The risk level is classified as Medium Risk

Description:

RadBids Gold is vulnerable to cross-site scripting caused by improper validation of user-supplied input. A remote attacker could embed malicious script in a URL request to the faq.php and index.php scripts which, once the link is clicked, would be executed in the victim's Web browser within the security context of the hosting site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
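As an added illustration of the bug class (not RadBids Gold source, which the advisory does not reproduce; the way the named parameters reach the page is an assumption here), a query-string value echoed into HTML unencoded beside the same output passed through htmlspecialchars, plus a whitelist check for parameters that only take a few known values:

```php
<?php
// Added example, not RadBids Gold code. The advisory only names the parameters
// (farea on faq.php; cat, order, area on index.php); how the real scripts used
// them is assumed for illustration.

// Vulnerable pattern: the raw query-string value lands inside the HTML, so a
// crafted link runs in the victim's browser within the site's origin.
function render_faq_area_unsafe(array $get): string {
    $farea = $get['farea'] ?? '';
    return "<h2>FAQ: " . $farea . "</h2>";
}

// Hardened pattern: HTML-encode on output. ENT_QUOTES also encodes single
// quotes, so the value is safe inside attributes delimited with either quote
// character; the charset is stated so the encoder never mis-parses the bytes.
function render_faq_area_safe(array $get): string {
    $farea = $get['farea'] ?? '';
    $escaped = htmlspecialchars($farea, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h2>FAQ: " . $escaped . "</h2>";
}

// For parameters with a small fixed vocabulary (order is the obvious one),
// reject anything outside the expected set rather than trying to clean it.
function validate_order(?string $order): string {
    $allowed = ['asc', 'desc'];
    return in_array($order, $allowed, true) ? $order : 'asc';
}

// Constructed sample input: a query value carrying a script element.
$sample = ['farea' => '<script>alert(1)</script>'];
echo render_faq_area_unsafe($sample), "\n"; // markup passes through untouched
echo render_faq_area_safe($sample), "\n";   // markup is entity-encoded and renders as text
echo validate_order('desc;x'), "\n";        // unknown value replaced by the default
```

The same output-encoding applies to cat, order and area on index.php; encoding belongs at the point where the value is written into the page, not only at input.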


Consequences:

Gain Access

Remedy:

Apply the appropriate patch for your system. See References.

References:

  • Dcrab's Security Advisory: Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2.
  • RadScripts Web site: RadScripts: php auction software php auction scripts.
  • BID-11646: Linux Kernel BINFMT_ELF Loader Local Privilege Escalation Vulnerabilities
  • BID-13080: RadScripts RadBids Gold Multiple Vulnerabilities
  • CVE-2004-1073: The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
  • CVE-2005-1075: Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php.
  • DSA-1067: kernel-source-2.4.16 -- several vulnerabilities
  • DSA-1069: kernel-source-2.4.18 -- several vulnerabilities
  • DSA-1070: kernel-source-2.4.19 -- several vulnerabilities
  • DSA-1082: kernel-source-2.4.17 -- several vulnerabilities
  • DSA-1286: linux-2.6 -- several vulnerabilities
  • DSA-1304: kernel-source-2.6.8 -- several vulnerabilities
  • MDKSA-2005:022: Updated kernel packages fix multiple vulnerabilities
  • OSVDB ID: 15430: RadBids Gold faq.php farea Variable XSS
  • OSVDB ID: 15431: RadBids Gold index.php Multiple Variable XSS
  • RHSA-2004-504: Updated Itanium kernel packages resolve security issues
  • RHSA-2004-505: Updated kernel packages fix security vulnerability
  • RHSA-2004-549: kernel security update
  • RHSA-2005-293: kernel security update
  • RHSA-2006-0190: kernel security update
  • RHSA-2006-0191: kernel security update
  • SA14906: RadBids Gold Multiple Vulnerabilities
  • SUSE-SA:2004:042: kernel: local and remote denial of service
  • SUSE-SR:2004:002: SUSE Security Summary Report
  • SUSE-SR:2004:003: SUSE Security Summary Report

Platforms Affected:

  • Debian Debian Linux 3.0
  • Debian Debian Linux 3.1
  • Debian Debian Linux 4.0
  • MandrakeSoft Mandrake Linux 10.0 AMD64
  • MandrakeSoft Mandrake Linux 10.0
  • MandrakeSoft Mandrake Linux 10.1 X86_64
  • MandrakeSoft Mandrake Linux 10.1
  • MandrakeSoft Mandrake Linux 9.2
  • MandrakeSoft Mandrake Linux 9.2 AMD64
  • MandrakeSoft Mandrake Linux Corporate Server 2.1
  • MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
  • MandrakeSoft Mandrake Linux Corporate Server 3.0
  • MandrakeSoft Mandrake Multi Network Firewall 8.2
  • Novell Linux Desktop 9
  • RadScripts RadBids Gold 2
  • RedHat Enterprise Linux 2.1 AS
  • RedHat Enterprise Linux 2.1 ES
  • RedHat Enterprise Linux 2.1 WS
  • RedHat Enterprise Linux 3 Desktop
  • RedHat Enterprise Linux 3 AS
  • RedHat Enterprise Linux 3 ES
  • RedHat Enterprise Linux 3 WS
  • RedHat Linux Advanced Workstation 2.1 Itanium
  • SuSE Linux Enterprise Server 8
  • SuSE Linux Enterprise Server 9
  • SUSE SuSE Linux 8.1
  • SUSE SuSE Linux 9.0
  • SUSE SuSE Linux 9.2
  • SuSE SuSE Linux Desktop 1.0
  • Turbolinux Turbolinux 10 Server

Reported:

Apr 11, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
