RadBids Gold faq.php and index.php scripts cross-site scripting

radbids-gold-php-xss (20038) The risk level is classified as MediumMedium Risk

Description:

RadBids Gold is vulnerable to cross-site scripting caused by improper validation of user-supplied input. A remote attacker could embed malicious script in a URL request to the faq and index.php scripts which, once the link is clicked, would be executed in the victim's Web browser within the security context of the hosting site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Platforms Affected:

  • Debian, Debian Linux 3.0
  • Debian, Debian Linux 3.1
  • Debian, Debian Linux 4.0
  • MandrakeSoft, Mandrake Linux 10.0
  • MandrakeSoft, Mandrake Linux 10.0 AMD64
  • MandrakeSoft, Mandrake Linux 10.1
  • MandrakeSoft, Mandrake Linux 10.1 X86_64
  • MandrakeSoft, Mandrake Linux 9.2 AMD64
  • MandrakeSoft, Mandrake Linux 9.2
  • MandrakeSoft, Mandrake Linux Corporate Server 2.1
  • MandrakeSoft, Mandrake Linux Corporate Server 2.1 X86_64
  • MandrakeSoft, Mandrake Linux Corporate Server 3.0
  • MandrakeSoft, Mandrake Multi Network Firewall 8.2
  • Novell, Linux Desktop 9
  • RadScripts, RadBids Gold 2
  • RedHat, Enterprise Linux 2.1 AS
  • RedHat, Enterprise Linux 2.1 WS
  • RedHat, Enterprise Linux 2.1 ES
  • RedHat, Enterprise Linux 3 AS
  • RedHat, Enterprise Linux 3 ES
  • RedHat, Enterprise Linux 3 WS
  • RedHat, Enterprise Linux 3 Desktop
  • RedHat, Linux Advanced Workstation 2.1 Itanium
  • SuSE, SuSE Linux 8.1
  • SuSE, SuSE Linux 9.0
  • SuSE, SuSE Linux 9.2
  • SuSE, SuSE Linux Desktop 1.0
  • SuSE, SuSE Linux Enterprise Server 8.0
  • SuSE, SuSE Linux Enterprise Server 9.0
  • Turbolinux, Turbolinux 10 Server

Remedy:

No remedy available as of November 29, 2008.

Consequences:

Gain Access

References:

  • Dcrab 's Security Advisory, Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2 at http://seclists.org/lists/bugtraq/2005/Apr/0144.html.
  • RadScripts Web site, RadScripts: php auction software php auction scripts at http://www.radscripts.com/.
  • BID-11646: Linux Kernel BINFMT_ELF Loader Local Privilege Escalation Vulnerabilities
  • BID-13080: RadScripts RadBids Gold Multiple Vulnerabilities
  • CVE-2004-1073: The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
  • CVE-2005-1075: Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php.
  • DSA-1067: kernel-source-2.4.16 -- several vulnerabilities
  • DSA-1069: kernel-source-2.4.18 -- several vulnerabilities
  • DSA-1070: kernel-source-2.4.19 -- several vulnerabilities
  • DSA-1082: kernel-source-2.4.17 -- several vulnerabilities
  • DSA-1286: linux-2.6 -- several vulnerabilities
  • DSA-1304: kernel-source-2.6.8 -- several vulnerabilities
  • MDKSA-2005:022: Updated kernel packages fix multiple vulnerabilities
  • OSVDB ID: 15430: RadBids Gold faq.php farea Variable XSS
  • OSVDB ID: 15431: RadBids Gold index.php Multiple Varaible XSS
  • RHSA-2004-504: Updated Itanium kernel packages resolve security issues
  • RHSA-2004-505: Updated kernel packages fix security vulnerability
  • RHSA-2004-549: kernel security update
  • RHSA-2005-293: kernel security update
  • RHSA-2006-0190: kernel security update
  • RHSA-2006-0191: kernel security update
  • SA14906: RadBids Gold Multiple Vulnerabilities
  • SUSE-SA:2004:042: kernel: local and remote denial of service
  • SUSE-SR:2004:002: SUSE Security Summary Report
  • SUSE-SR:2004:003: SUSE Security Summary Report

Reported:

Apr 11, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page