Cross-site Scripting and CSRF in TorrentTrader Classic v1.08

2008.03.06

Credit: Valery Marchuk

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2008-1172 | CVE-2008-1173

CWE: CWE-79

Cross-site Scripting and CSRF in TorrentTrader Classic v1.08

Application: TorrentTrader Classic v1.08, possible other versions.

Vendor URL: 
http://sourceforge.net/project/showfiles.php?group_id=98584&package_id=1
809271.

1. Input passed to the msg property of account-inbox.php is not properly
sanitized before being displayed to the user. A malicious authenticated user
can execute arbitrary HTML and scripting code in a user's browser session in
context of an affected web site.
Example:
http://[host]/account-inbox.php?msg=<script>alert(document.cookie)</scr
ipt>&receiver=<username>

2. The application allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the request.  A malicious
person can perform a CSRF attack.
Example:
http://[host]/account-inbox.php?msg=<message>&receiver=<username>

Vulnerability #1 was discovered by Dominus.
Original URL: http://www.securitylab.ru/vulnerability/347887.php

BR,
Valery Marchuk
www.SecurityLab.ru

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Cross-site Scripting and CSRF in TorrentTrader Classic v1.08

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Cross-site Scripting and CSRF in TorrentTrader Classic v1.08

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.