List: oss-security
Subject: [oss-security] Re: CVE request: pixelpost
From: Raphael Geissert <geissert () debian ! org>
Date: 2010-09-17 18:27:55
Message-ID: i70but$vlc$1 () dough ! gmane ! org
Raphael Geissert wrote:
> It also appears to be using PHP_SELF in some places, so that's another XSS
> vector. Will confirm it later.
There are a few easily-exploitable vectors on the following admin pages:
admin/index.php?view=comments
admin/index.php?view=options
admin/index.php?view=info
E.g.
http://host/pixelpost/admin/index.php/%22%3E%3Cscript%3Ewindow.alert();
%3C/script%3E'%3E%3Cscript%3Ewindow.alert();%3C/script%3E/?view=info
There is also another vector on the feeds generator if a template uses the
"old" (according to the code) tag <ATOM_AUTODETECT>.
Similarly, if a template uses the <TAG_RSS_LINK> or <TAG_ATOM_LINK> tags
there's another XSS vector via the tag= GET variable (none of the default
templates do, in 1.7.1 and 1.7.3.)
There are a few more in other places, but I guess the picture is clear.
Regards,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
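
The PHP_SELF reflection described in the message above, shown as an added example that is not part of the original post and is not Pixelpost code: the same form tag built the unsafe way and a hardened way. The function names, the sample request values and the benign marker string are constructed for illustration.

```php
<?php
// Added illustration, not Pixelpost source. All names here are hypothetical.

// Unsafe pattern: PHP_SELF carries whatever path info the client appended
// after the script name (/admin/index.php/<anything>/), so writing it into
// an attribute reflects client-controlled bytes into the admin page.
function form_action_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '?view=info">';
}

// Hardened pattern: SCRIPT_NAME does not include the trailing path info,
// and the value is still HTML-encoded for the attribute context in case
// the server configuration lets client input reach it.
function form_action_hardened(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '?view=info">';
}

// Same rule for a request parameter echoed into a link, as with tag=:
// URL-encode it for the query string, then HTML-encode the whole href.
// 'feed.php' is a placeholder path, not a Pixelpost URL.
function tag_feed_link(array $get): string
{
    $tag  = isset($get['tag']) ? (string) $get['tag'] : '';
    $href = 'feed.php?tag=' . rawurlencode($tag);
    return '<link rel="alternate" href="'
        . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">';
}

// Constructed request data with a benign marker in the path info and in tag=.
$server = array(
    'SCRIPT_NAME' => '/pixelpost/admin/index.php',
    'PHP_SELF'    => '/pixelpost/admin/index.php/"><i>marker</i>/',
);
$get = array('tag' => '"><i>marker</i>');

$unsafe   = form_action_unsafe($server);
$hardened = form_action_hardened($server);
$link     = tag_feed_link($get);

// The unsafe output contains the raw marker markup; the other two do not.
var_dump(strpos($unsafe, '<i>marker</i>') !== false);   // bool(true)
var_dump(strpos($hardened, '<i>') === false);            // bool(true)
var_dump(strpos($link, '<i>') === false);                // bool(true)
```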