1. Introduction
The e107 submitnews.php script is vulnerable to a cross-site scripting (XSS) attack. This means an attacker could inject malicious code into web pages viewed by other users. Successful exploitation can lead to account takeover, data theft, or website defacement. Systems running affected versions of e107 are at risk. Impact on confidentiality is likely if sensitive user data is accessed; integrity is impacted through the injection of malicious content; and availability could be compromised via defacement or denial-of-service attacks.
2. Technical Explanation
- Root cause: Insufficient input validation within the `submitnews.php` script allows arbitrary JavaScript code to be injected into web pages.
- Exploit mechanism: An attacker sends a specially crafted POST request to the `submitnews.php` script, containing malicious JavaScript in a user-supplied field (e.g., news title or content). When another user views the submitted news item, the JavaScript is executed in their browser. Example payload: ``.
- Scope: Affected versions of e107 are known to be vulnerable; specific version ranges have not been confirmed by Nessus.
3. Detection and Assessment
Confirming vulnerability requires checking the installed version of e107 and assessing whether user input is properly sanitized. Scanning tools can help identify potentially affected instances.
- Quick checks: Check the e107 version via the admin interface or by examining the `version.php` file in the e107 installation directory.
- Scanning: Nessus plugin ID 36849 may detect this vulnerability, though it has not checked for all related issues. Other XSS scanners can be used to test input fields within the `submitnews.php` script.
- Logs and evidence: Monitor web server logs for suspicious POST requests containing JavaScript code targeting `submitnews.php`. Look for patterns like `
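The log review described above, as an added example that is not part of the original advisory, Nessus, or the e107 project. It parses Apache/nginx "combined" access-log lines (the sample lines are constructed, with RFC 5737 documentation addresses), URL-decodes the request line repeatedly so double-encoded payloads are not missed, and flags requests to `submitnews.php`. One caveat worth building in: a standard access log records only the request line, not the POST body, so a POST carrying its payload in the body can only be marked for follow-up in a WAF or request-body log, while script markers in the URL itself can be flagged directly. The path suffix, marker patterns and severity names are this example's own choices.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample of "combined" access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:12:00:01 +0000] "POST /e107/submitnews.php HTTP/1.1" 200 512 "http://example.test/submitnews.php" "Mozilla/5.0"
203.0.113.5 - - [10/May/2024:12:00:02 +0000] "GET /e107/submitnews.php?news_title=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/May/2024:12:00:03 +0000] "GET /e107/news.php?item=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [10/May/2024:12:00:04 +0000] "GET /e107/submitnews.php?news_title=Hello%20world HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.9 - - [10/May/2024:12:00:05 +0000] "POST /e107/submitnews.php?x=javascript:alert(1) HTTP/1.1" 200 512 "-" "curl/8.0"
"""

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Heuristic markers for script injection in a decoded URL (case-insensitive).
# The word boundary before "on" avoids matching parameter names such as "section=".
XSS_MARKERS = re.compile(
    r'<\s*script|javascript\s*:|\bon[a-z]+\s*=|<\s*iframe|<\s*svg',
    re.IGNORECASE,
)

def parse_line(line):
    """Return the log fields as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def decode_fully(s, rounds=3):
    """URL-decode repeatedly so %253C -> %3C -> < is caught; stop when stable."""
    for _ in range(rounds):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s

def is_submitnews(path):
    """True if the request path (query string ignored) targets submitnews.php."""
    script = path.split('?', 1)[0].lower()
    return script == 'submitnews.php' or script.endswith('/submitnews.php')

def classify(entry):
    """Return (severity, reason) for a suspicious entry, or None."""
    if not is_submitnews(entry['path']):
        return None
    decoded = decode_fully(entry['path'])
    if XSS_MARKERS.search(decoded):
        return ('high', f"script marker in request URL ({entry['method']})")
    if entry['method'] == 'POST':
        # Body is not in the access log; needs WAF or request-body logging to confirm.
        return ('info', 'POST to submitnews.php; inspect request body via WAF/body log')
    return None

def scan_log(text):
    """Scan a log text and return a list of findings, one dict per suspicious line."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = classify(entry)
        if verdict:
            severity, reason = verdict
            findings.append({
                'ip': entry['ip'],
                'time': entry['time'],
                'method': entry['method'],
                'path': entry['path'],
                'severity': severity,
                'reason': reason,
            })
    return findings

if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['severity']:<5} {f['ip']:<14} {f['method']:<4} {f['path']} :: {f['reason']}")
```

Run against a real log by replacing `SAMPLE_LOG` with the file contents; the `info` tier is deliberately separate from `high` so that ordinary news submissions are queued for body inspection rather than treated as confirmed attacks.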