TUCoPS :: HP Unsorted E :: tb11488.htm

eTicket v.1.5.1.1 Multiple Cross-Site Scripting
eTicket v.1.5.1.1 Multiple Cross-Site Scripting
eTicket v.1.5.1.1 Multiple Cross-Site Scripting


eTicket v.1.5.1.1 Multiple Cross-Site Scripting

Author: Attila Gerendi (Darkz)
Date: June 29, 2007
Package: eTicket (http://eticket.sourceforge.net/) 
Versions Affected: v.1.5.1.1 (Other versions may also be affected)
Severity: XSS

Input passed to "$_SERVER['REQUEST_URI']" in various scrips and includes is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when malicious data is viewed.

Vulnerable code pieces:

user_login.php on line 7:



admin_login.php on line 7:
""

user_group.php on line 15:


rep.php on line 15:


pref.php on line 15:


my.php on line 15:


main.php on line 216:


mail.php on line 16:


cat.php on line 16:


banlist_delete.php on line 13:


banlist_delete.php on line 43:


banlist_addedit.php on line 27:


banlist_addedit.php on line 40:


banlist.php on line 41:


searc_form.php

$surl=$_SERVER['PHP_SELF'].'?s='.$news;
$qs=preg_replace('/s=(basic|advanced)/', '', $_SERVER['QUERY_STRING']);
if ($qs != '') { $surl.=(substr($qs, 0, 1) == '&')?$qs:"&$qs"; }

?>
    
    []

Status:
1. Contacted the author at June 29, 2007 via sourceforge tracker (https://sourceforge.net/tracker/?func=detail&atid=725721&aid=1745220&group_id=132967).
2. The author concluded "I am not happy that this is a real bug, and therefore will be closed until further notice."

Solution:
-edit the source code to ensure the input is properly sanitized.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH