Message-Id: <201001262212.o0QMCAkM010722@www3.securityfocus.com>
Date: Tue, 26 Jan 2010 15:12:10 -0700
From: advisories@...ern0t.net
To: bugtraq@...urityfocus.com
Subject: [InterN0T] ShareTronix 1.0.4 - HTML Injection Vulnerability
ShareTronix - HTML Injection Vulnerability
Version Affected: 1.0.4 (newest)
Info:
Sharetronix Opensource is a multimedia microblogging platform.
It helps people in a community, company, or group to exchange short messages over the Web.
Credits: MaXe from InterN0T (patched the vulnerability) & Reelix (found the vulnerability)
External Links:
http://sharetronix.com/opensource/
-:: The Advisory ::-
The header.php template that renders a single microblog entry does not escape page_title correctly before writing it into the <title> element.
page_title is taken from user input when an entry is posted to the microblog platform, so a title containing markup is emitted into the page unmodified (HTML injection).
Files:
sharetronix/system/templates/header.php
00013: <title><?= $D->page_title ?></title>
sharetronix/system/templates/mobile/header.php
00014: <title><?= $D->page_title ?></title>
-:: Solution ::-
sharetronix/system/templates/header.php
00013: <title><?= htmlentities($D->page_title); ?></title>
sharetronix/system/templates/mobile/header.php
00014: <title><?= htmlentities($D->page_title); ?></title>
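The following is an added example, not Sharetronix code and not part of the original advisory. It stands in for the template line above so the unescaped and escaped renderings can be compared side by side. The function names, the constructed sample title and the helper check are assumptions made for illustration; the escaping call uses ENT_QUOTES and an explicit 'UTF-8' charset, which is a stricter variant of the one-argument htmlentities() call in the advisory's patch.

```php
<?php
// Added example (not Sharetronix code): a minimal stand-in for the
// <title> line in system/templates/header.php, rendered once the way
// 1.0.4 does it (raw) and once escaped as in the advisory's fix.
declare(strict_types=1);

// Constructed sample title, illustrative only: a post title that
// carries markup, including a closing </title> tag.
$constructedTitle = 'Hello </title><b>injected</b>';

// Unescaped rendering: the pattern at header.php line 13 in 1.0.4.
// Whatever the user typed lands inside <title> verbatim.
function renderTitleVulnerable(string $pageTitle): string
{
    return "<title>{$pageTitle}</title>";
}

// Escaped rendering. ENT_QUOTES also encodes single quotes and the
// explicit charset avoids depending on the PHP default (ISO-8859-1
// before PHP 5.4). htmlspecialchars() with the same arguments would
// be sufficient here, since only < > & " ' matter for this context.
function renderTitleFixed(string $pageTitle): string
{
    return '<title>' . htmlentities($pageTitle, ENT_QUOTES, 'UTF-8') . '</title>';
}

// Crude reviewer check over the rendered output: after removing the
// legitimate outer <title>...</title>, is any raw '<' left inside?
// A raw '<' is what lets injected text close the element early.
function titleBreaksOut(string $html): bool
{
    $inner = preg_replace('#^<title>(.*)</title>$#s', '$1', $html);
    return strpos($inner, '<') !== false;
}

$vuln  = renderTitleVulnerable($constructedTitle);
$fixed = renderTitleFixed($constructedTitle);

echo $vuln, PHP_EOL;   // the embedded </title> ends the element early
echo $fixed, PHP_EOL;  // the markup is entity-encoded and stays inert text
var_dump(titleBreaksOut($vuln));
var_dump(titleBreaksOut($fixed));
```

Browsers parse the contents of <title> as RCDATA, so tags inside it are not interpreted until a literal </title> closes the element; encoding '<' as &lt; is therefore exactly what removes the injection point. The same change must be applied to both header.php and mobile/header.php, as the advisory's patch does, or the mobile template remains exposed.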
Disclosure Information:
- Vulnerability found 26th January
- Patch was made available 26th January
- Vendor and Bugtraq (SecurityFocus) contacted on 26th January
- Will be disclosed on InterN0T on 27th January
All of the best,
MaXe