ZenPhoto 1.4.0.3 Cross Site Scripting

2011.04.25
Credit: Saif El-Sherei
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header presisitent XSS # Date: 21-4-2011 # Author: Saif El-Sherei # Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip # Version: 1.4.0.3 latest updated 2011-4-19 # Tested on:FF 3.0.15, IE 8 Info: Zenphoto is an answer to lots of calls for an online gallery solution that just makes sense. After years of bloated software that does everything and your dishes, zenphoto just shows your photos, simply. It's got all the functionality and "features" you need, and nothing you don't. Where the old guys put in a bunch of modules and junk, we put a lot of thought. We hope you agree with our philosopy: simpler is better. Details: failure to sanitize "x-forwarded-for" HTTP header in security logs before being displayed in "zp-core/admin-logs.php", could allow a remote attacker to inject malicious HTML code by altering the "x-forwarded-for" HTTP header using either an intercepting proxy or manual requests in security logs and attack any user with sufficient privilege to access "Security-logs", usually appliaction administrators by presistent XSS. POC: <script>alert('Saif was Here');</script> Regards, Saif El-Sherei


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top