Bugtraq mailing list archives

[ARL02-A03] DCP-Portal Cross Site Scripting Vulnerability
From: Ahmet Sabri ALPER <s_alper () hotmail com>
Date: 15 Feb 2002 14:04:44 -0000

+/--------\------- ALPER Research Labs -----/--------/+
+/---------\------  Security Advisory  ----/---------/+
+/----------\-----    ID: ARL02-A03    ---/----------/+
+/-----------\---- salper () olympos org  --/-----------/+

Advisory Information
Name               : DCP-Portal Cross Site Scripting 
Software Package   : DCP-Portal
Vendor Homepage    : http://www.dcp-portal.com
Vulnerable Versions: v4.2, v4.1 final, v4.0 final, v3.7 and probably all previous versions.
Platforms          : Linux
Vulnerability Type : Input Validation Error
Vendor Contacted   : 09/02/2002 (no reply)
Prior Problems     : N/A
Current Version    : 4.2 (vulnerable)

DCP-Portal is a content management system with advanced features like
web-based update, link, file, member management, poll, calendar, etc.
Its main features include an admin panel to manage the entire site, a
smart HTML editor to add news, content, and announcements, the ability
for members to submit news/content and write reviews, and much more.
It's an open-source project, which is also supported by FreshMeat.

A Cross Site Scripting vulnerability exists in Dcp-
This would allow a remote attacker to send information to victims
from untrusted web servers, and make it look as if the information
came from the legitimate server.

The attacker will first register, probably with a first-coming
username (e.g. aaaaa). After registering, activating and logging in
with the account, he/she would request the Change Details form
"http://www.dcp-portal_host/user_update.php".
There, he/she may change the job info, inserting arbitrary code:
<script>alert("ALPERz was here!")</script>
After applying this information, whenever any logged-in member requests
the members page, this CSS vulnerability will take

This CSS vulnerability might also be exploitable when a user first registers.

Suggested Solution:
Strip HTML tags, and possibly other malicious code, within user_update.php.
Vendor did not care to reply or was unreachable.

Discovered on 09, February, 2002 by Ahmet Sabri ALPER salper () olympos org
Ahmet Sabri ALPER is the System Security Editor of PCLIFE Magazine.

Olympos Turkish Security Portal: 

Product Web Page: http://www.dcp-portal.com
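
The advisory's suggested solution (strip HTML tags in user_update.php) can be sketched as follows. This is an added example, not DCP-Portal code and not part of the original advisory: the function names clean_profile_field() and render_profile_field() are hypothetical, and it assumes the job field is stored as plain text. It also encodes the value where the members page prints it, so rows saved before the input filter existed are neutralised too.

```php
<?php
// Added example: hypothetical helpers, not taken from DCP-Portal.

// Input side (e.g. in user_update.php): normalise a free-text profile
// field such as "job" before it is written to the database.
function clean_profile_field(string $value, int $maxLen = 100): string
{
    // Remove markup such as <script>...</script>; only the text remains.
    $value = strip_tags($value);
    // Remove ASCII control characters that have no place in a one-line field.
    $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value);
    // Bound the length; a cut multibyte character is handled at output time.
    return substr(trim($value), 0, $maxLen);
}

// Output side (e.g. in the members page): encode at the point of rendering,
// so the browser treats the stored value as text and never as markup.
function render_profile_field(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: the advisory's test string plus ordinary text.
$submitted = '<script>alert("ALPERz was here!")</script>Engineer';

// New submissions pass through both layers.
$stored = clean_profile_field($submitted);
echo '<td>', render_profile_field($stored), "</td>\n";

// A legacy row that was saved unfiltered is still shown as inert text,
// because encoding happens on every render.
$legacy = '<script>alert("ALPERz was here!")</script>';
echo '<td>', render_profile_field($legacy), "</td>\n";
```

Output encoding is the layer that actually closes the hole; strip_tags() on input only keeps markup out of the stored data and should not be relied on alone.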
