How to remediate – pod.board 1.1 Multiple Script XSS

1. Introduction

The vulnerability, pod.board 1.1 Multiple Script XSS, is a flaw in the Pod.Board CGI suite that allows an attacker to inject malicious scripts into web pages viewed by legitimate users. This can lead to cookie theft and session hijacking. Systems running vulnerable versions of Pod.Board are affected. Impact on confidentiality is likely, with potential for integrity compromise if attackers modify content. Availability may be impacted through denial of service attacks resulting from user redirects or altered page behaviour.

2. Technical Explanation

The vulnerability stems from insufficient input validation within the Pod.Board CGI scripts. An attacker can craft a URL containing malicious JavaScript code, which is then executed in the browser of any user who clicks on that link, allowing the attacker to steal cookies associated with the web application. The attack requires user interaction: the victim must click the specially crafted link. CVE-2006-4985 describes this issue.

  • Root cause: Missing input validation and improper output encoding in PHP scripts.
  • Exploit mechanism: An attacker sends a URL with malicious JavaScript code as a parameter. When a user visits the URL, the script executes within their browser context. For example, an attacker could send http://example.com/forum.php?param=
  • Scope: Pod.Board CGI suite version 1.1 is affected.

3. Detection and Assessment

Confirming the vulnerability involves checking the installed Pod.Board version and attempting to inject a test script.

  • Quick checks: Check the application’s ‘About’ page or configuration files for the Pod.Board version number.
  • Scanning: Nessus plugin ID 30268 may detect this vulnerability, but results should be verified manually.
  • Logs and evidence: Examine web server logs for requests containing suspicious characters like `
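
The log review in the last bullet can be automated. The script below is an added example, not part of the original page or of Pod.Board: it scans access-log lines in Common Log Format, decodes every request parameter (including double encoding) and flags those carrying markup. The log lines are constructed samples, the indicator pattern is an assumption to tune for your traffic, and `forum.php` and `param` come from the page's example URL.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Common Log Format prefix: client, ident, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Assumed indicators of script markup in a decoded parameter (not from the page).
MARKUP_RE = re.compile(r'[<>]|javascript\s*:|\bon[a-z]+\s*=', re.I)

# Constructed sample log lines; the payload is harmless <b> markup.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:01:22 +0000] "GET /forum.php?param=hello HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2024:10:02:10 +0000] "GET /forum.php?param=%3Cb%3Emarker%3C%2Fb%3E HTTP/1.1" 200 530',
    '198.51.100.4 - - [12/Mar/2024:10:03:41 +0000] "GET /forum.php?param=%253Cb%253Emarker HTTP/1.1" 200 530',
    '198.51.100.5 - - [12/Mar/2024:10:04:02 +0000] "GET /forum.php?online=1&page=2 HTTP/1.1" 200 498',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return one record per log line whose path or parameters contain markup."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if not match:
            continue  # not a request line in the expected format
        client, when, _method, target, status = match.groups()
        path, _, query = target.partition('?')
        # Check the path plus every parameter name and value separately.
        fields = [path] + [part for pair in parse_qsl(query, keep_blank_values=True) for part in pair]
        for field in fields:
            decoded = fully_decode(field)
            if MARKUP_RE.search(decoded):
                hits.append({"line": number, "client": client, "time": when,
                             "status": status, "field": decoded})
                break
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A 200 status on a flagged request only shows the request was served; whether the markup was reflected unencoded still has to be confirmed against the response.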