ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path 

Disclosure





Published: 11 august 2003



Released: 11 august 2003



Name: Zorum



Affected Systems: v.3.4



Issue: Remote attackers can inject XSS script and know the path of the 

site. 



Author: G00db0y@zone-h.org



Vendor: http://zorum.phpoutsourcing.com/



Description



***********



Zone-h Security Team has discovered a flaw in Zorum v3.4 (and older 

versions?).

"Zorum is a message board software, which may be used with equal success 

on both

intra- and internet sites."







Details



*******

 

It's possibile to inject XSS script in the method variable. 



Example: 



http://www.site.com/pathofzorum/index.php?method=<script>alert('test')

</script>



It's possible to make a malformed http request for many variables in

Zorum and in doing so trigger an error. The resulting error message will 

disclose 

potentially sensitive installation path information to the remote 

attacker. 



Example:



http://www.site.com/pathofzorum/index.php?

method=userfunctions&'list=secmenu&







Solution:



*********



The vendor has been contacted and a patch is not yet produced.





Suggestions:



************



Filter the method variable (xss problem), filter all variables. 





G00db0y - www.zone-h.org admin



Original advisory here: http://www.zone-h.org/en/advisories/read/id=2867/