Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

xoops Quizz Module IMG bug

From: magistrat <magistrat () blocus-zone com>
Date: 11 Nov 2002 03:15:08 -0000


Author: Magistrat
http://www.blocus-zone.com 
magistrat@blocus-zone com 
Date: 11/11/2002
Object: IMG bug in quizz module
risk: Medium-high
advisory url: http://www.blocus-zone.com/modules/news/article.php?storyid=180

-----------------------------------------------------

After having highlighted with echu.org an IMG vulnerability for to xoops and phpnuke, i found an another risk on 
different kind of portal with the module quizz.

Description of quizz :

This is just the module who permit to a webmaster to propose quiz, with a good administration in the elaboration of 
answers/questions and explanations in case of wrong answers. Quiz for xoops is an adaptation of phpnuke.

As for the news module of xoops or phpnuke, quizz does not escape to the confidential problem who asserts himself 
between a webmaster and his member, because options of this module permit to propose on-line questions by members.

------------------------------------------------------
The vulnerability  :

If the moderating/administrator of this module allows the on line development of questions, he takes a risk like this :

<IMG SRC="javascript:alert('blocus-zone')"> placed in a multiple answer.

( Note that the code that we have a presented here is not dangerous, however there is some codes much more
malicious for the subtilization of admin cookie )

to verify questions elaborated by his member, the moderator or admin goes to visualize before the  proposal, even then 
, a pop up creates a page in his final form to give a visualization to the approver of questions/quiz, and this cause 
automatically the bug on browser, without that the administrator or the moderator have not been able to perceive him 
before.  
------------------------------------------------------

Demonstration and translation on this page :

http://www.blocus-zone.com/modules/news/article.php?storyid=180

xoops as well as the creators of this modules has prevented, but to my great disappointment, no answer and no patch was 
given to me, and this since 1 week.

Regards
Magistrat

(sorry for my poor english, i'm french)
Previous By Date Next
Previous By Thread Next

Current thread: