[PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability
Date: 2005 February
Bug Number: 06

paNews
is a news management script to use on your site. Users can use paCode, special code designed to allow the adding of images and font changes in the posts without allowing users to use HTML to post harmful things such as Java scripts and applets. It has several other features making adding entries and controlling it easily.
More info @:
http://www.phparena.net/panews.php


Discussion:
--------------------
XSS Vulnerability in 'comment.php' that may allow a remote user to launch cross-site scripting attacks.

This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected Web site and may allow for theft of cookie-based authentication credentials or other attacks.

This vulnerability is reported to exist in paNews version 2.0b4, other versions might also be affected. 

Exploit:
--------------------
http://www.example.com/comments.php?op=view&newsid=1&showpost="><h1>AttackerXSSvulnerable<!--


Example:
--------------------
@ authors website!
http://demo.phparena.net/panews/comments.php?op=view&newsid=73&showpost="><h1>AttackerXSSvulnerable<!--

Solution:
--------------------
check 'showpost' value with PHP patterns then view it.


Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by Pi3cH (pi3ch persianhacker net)
http://www.PersianHacker.NET

Special Thanks: our security team users.


Help
--------------------
Read our whitepaper about XSS Vulnerability (only in FARSI language):
http://www.persianhacker.net/articles/article-2322.html
visit: http://www.PersianHacker.NET
or mail me @: pi3ch persianhacker net


Note
--------------------
Scripts authors were not be contacted for this bug.
Our english article about XSS Vulnerability available   soon.