Zophs prior to 0.8.0.3 and 0.8.1.1 cross site scripting

2010-07-03 / 2010-07-04

Credit: Mohammed Boumediane

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Zoph Multiple Parameter Cross Site Scripting Vulnerabilities


I. BACKGROUND
---------------------

"Zoph (Zoph Organizes Photos) is a web based digital image presentation
and management system. In other words, a photo album. It is built with
PHP, MySQL and Perl."


II. VULNERABILITIES
---------------------

VUPEN Web Vulnerability Research Team discovered multiple vulnerabilities in
Zoph.

These issues are caused by input validation errors in various scripts when
processing the "user_name", "title", "called", "email", "dob", 
"middle_name",
"last_name", "first_name", "subject", "message", "photographer_id",
"person_id", "_random", "_rating-op", "rating", "timestamp" and
"_timestamp-op" parameters, which could be exploited to cause arbitrary
scripting code to be executed by the user's browser in the security
context of an affected Web site.


III. AFFECTED PRODUCTS
---------------------------

Zoph versions prior to 0.8.0.3
Zoph versions prior to 0.8.1.1


IV. SOLUTION
----------------

Upgrade to Zoph version 0.8.0.3 or 0.8.1.1 :
http://www.zoph.org/concrete/index.php/download/


V. CREDIT
--------------

These vulnerabilities were discovered by Mohammed Boumediane (VUPEN 
Security)
with help of the VUPEN Web Application Security Scanning (WASS) technology:

http://www.vupen.com/english/services/wass-index.php


VI. VUPEN Web Application Security Scanner (WASS)
----------------------------------------------------

VUPEN Web Application Security Scanner (WASS) is a SaaS security scanning
technology which enables corporations and organizations to identify, track
and remediate security vulnerabilities affecting their web sites and
web applications, prevent criminals from gaining unauthorized access to
sensitive data, and comply with security requirements such as PCI.

Read More: http://www.vupen.com/english/services/wass-index.php


VII. REFERENCES
----------------------

http://www.vupen.com/english/advisories/2010/1680
http://www.zoph.org/concrete/index.php/news/security-releases-for-zoph/


VIII. DISCLOSURE TIMELINE
-----------------------------

2010-05-05 - Vendor notified
2010-05-30 - Vendor response
2010-07-02 - Coordinated public Disclosure

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Zophs prior to 0.8.0.3 and 0.8.1.1 cross site scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.