
[Repost] MaxWebPortal Cross-Site Scripting Vulnerability

  Article author: A^C^E

Summary
"MaxWebPortal is a web portal and online community system which includes advanced features such as web-based administration, poll, private/public events calendar, user customizable color themes, classifieds, user control panel, online pager, link, file, article, picture managers and much more."

Several security flaws have been discovered in MaxWebPortal. They can be exploited to compromise the integrity of the system's database and to steal session cookies by crafting a malicious script.

Credit:
The information has been provided by Zinho.
The original article can be found at: http://www.hackerscenter.com/archive/view.asp?id=1807

Details
Vulnerable Systems:
* MaxWebPortal version 1.33

Cross Site Scripting:
In the page links_add_form.asp, anyone can provide a banner URL such as: javascript:alert(document.cookie). The script in this banner runs whenever someone looks at the list of links, which results in cross-site scripting.

SQL Injection:
An SQL injection is possible due to improper filtering of user-provided input received through the function Update_Events in events_functions.asp. More specifically, the parameter EVENT_ID passed within the POST request is not properly validated.

Workaround:
In events_functions.asp line 192 replace chkstring(Request.Form("EVENT_ID"), "message") with:
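if IsNumeric(Request.Form("EVENT_ID")) then
    ' CLng yields a Long, so only an integer value reaches the query
    event_id = CLng(Request.Form("EVENT_ID"))
else
    ' reject non-numeric input and stop processing the request
    Response.End
end if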
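
The workaround above covers only the SQL injection; for the cross-site scripting issue in links_add_form.asp, the sketch below shows an allow-list check on the banner URL combined with HTML-encoding on output. It is an added example, not code from the advisory or from MaxWebPortal. The function names, the 255-character limit, the sample inputs and the assumption that the banner URL is written into an image attribute of the link list are all assumptions.

```vbscript
<%
' Added example (hypothetical names): accept a banner URL only if it uses
' an allow-listed scheme, and HTML-encode it when it is written to the page.

Function IsSafeBannerUrl(ByVal rawUrl)
    Dim url, i, code
    IsSafeBannerUrl = False

    url = Trim(rawUrl & "")            ' "& """" turns Null/Empty into a string
    If Len(url) = 0 Or Len(url) > 255 Then Exit Function

    ' Refuse whitespace, control characters and characters that could
    ' close the surrounding HTML attribute (" ' < >).
    For i = 1 To Len(url)
        code = AscW(Mid(url, i, 1))
        If code < 0 Then code = code + 65536   ' AscW is signed in VBScript
        If code < 33 Or code = 34 Or code = 39 Or code = 60 _
           Or code = 62 Or code = 127 Then Exit Function
    Next

    ' Allow-list of schemes. javascript:, vbscript:, data: and scheme-less
    ' values all fall through and are rejected.
    If LCase(Left(url, 7)) = "http://" Or LCase(Left(url, 8)) = "https://" Then
        IsSafeBannerUrl = True
    End If
End Function

' Validate again at output time so values stored before the check was
' introduced are not rendered either.
Function RenderBanner(ByVal storedUrl)
    If IsSafeBannerUrl(storedUrl) Then
        RenderBanner = "<img src=""" & Server.HTMLEncode(storedUrl) & """ alt=""banner"">"
    Else
        RenderBanner = ""
    End If
End Function

' Constructed sample inputs; the second is the value quoted in the advisory.
Dim samples, s
samples = Array("http://example.com/banner.gif", _
                "javascript:alert(document.cookie)", _
                "JavaScript:alert(document.cookie)", _
                "")
For Each s In samples
    Response.Write Server.HTMLEncode(s) & " -> " & IsSafeBannerUrl(s) & "<br>"
Next
%>
```

Calling the check both when the link is submitted and when the list is rendered keeps previously stored banner values from reaching the page.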