TorrentFlux "action" Script Insertion
TITLE:
TorrentFlux "action" Script Insertion
CRITICAL:
Not Critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
TorrentFlux 2.x
DESCRIPTION:
I have discovered a vulnerability in TorrentFlux, which can be exploited by malicious users to conduct script insertion attacks.
Input passed to the "action" variable is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrator's browser session in context of an affected site when the "Activity Log" is viewed.
The vulnerability has been confirmed in version 2.1. Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
/admin.php
Line 336:
$output .= "
".htmlentities($action, ENT_QUOTES)."
";
Line 398:
echo "".htmlentities($action, ENT_QUOTES)."";
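The fix above escapes the stored value at the point where the log is rendered. The following added example (not from the advisory or from TorrentFlux; the function names and log entries are constructed for illustration) contrasts unescaped and escaped rendering of the same log rows:

```php
<?php
// Added illustration, not TorrentFlux source. All names here are hypothetical.

/** Escape a stored value for HTML text or a quoted attribute. */
function h(string $value): string
{
    // ENT_QUOTES encodes both " and ', matching the advisory's fix. The
    // explicit charset avoids relying on the default_charset ini setting.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unsafe pattern: the stored action is concatenated straight into markup. */
function render_row_raw(array $e): string
{
    return '<tr><td>' . $e['user'] . '</td><td>' . $e['action'] . '</td></tr>';
}

/** Hardened pattern: every stored field is escaped at output time. */
function render_row_escaped(array $e): string
{
    return '<tr><td>' . h($e['user']) . '</td><td>' . h($e['action']) . '</td></tr>';
}

// Constructed sample log entries (not from a real installation).
$entries = [
    ['user' => 'alice', 'action' => 'UPLOAD'],
    ['user' => 'bob',   'action' => '<script>alert(1)</script>'],
    ['user' => 'carol', 'action' => 'rename "a" to \'b\''],
];

foreach ($entries as $e) {
    $raw     = render_row_raw($e);
    $escaped = render_row_escaped($e);
    // A row that changes under escaping contained HTML metacharacters.
    $flag = ($raw === $escaped) ? 'clean  ' : 'ESCAPED';
    echo $flag, ' ', $escaped, PHP_EOL;
}
```

Escaping at output time also covers entries already stored in the log before the patch was applied.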
ORIGINAL ADVISORY:
http://www.stevenroddis.com.au/2006/10/17/torrentflux-action-script-insertion/