[MajorSecurity #10] i.List <= 1.5 - XSS
----------------------------------------

Software: i.List

Version: <=1.5

Type: XSS

Date: June 8th, 2006

Vendor: Skoom

Page: http://skoom.de


Credits:
-------------------------------

David 'Aesthetico' Vieira-Kurz

http://www.majorsecurity.de


Affected Products:
-------------------------------

i.List 1.5 and prior


Description:
-------------------------------

i.List is a PHP/MySQL toplist script.

Requirements:
-------------------------------

register_globals = On


Vulnerability:
-------------------------------

Input passed to the input box in "search.php" and to the 'URL' and
'ButtonURL' input boxes in "add.php" is not properly filtered or verified before it is used.
This can be exploited to execute injected script code (XSS).

Solution:
-------------------------------

Edit the source code to ensure that input is properly sanitised.
Set "register_globals" to "Off".
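
One way to apply the source-code fix described above, as an added example that is not i.List code and not from the advisory's author. The function names h(), clean_url() and field() and the request key 'q' are hypothetical; 'URL' and 'ButtonURL' are taken from the input box names in the advisory and assumed to be the form field names.

```php
<?php
// Added example; not i.List source. All function names are hypothetical.

// Encode a value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http/https URLs; return null for anything else.
function clean_url(string $raw): ?string
{
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > 2048 || preg_match('/[\x00-\x20\x7f]/', $raw)) {
        return null; // empty, oversized, or contains control/space characters
    }
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    $host = parse_url($raw, PHP_URL_HOST);
    if (!in_array($scheme, ['http', 'https'], true) || empty($host)) {
        return null; // scheme allowlist: script and data schemes never pass
    }
    return $raw;
}

// Read a request field explicitly instead of relying on register_globals.
function field(array $source, string $name): string
{
    $v = $source[$name] ?? '';
    return is_string($v) ? $v : '';
}

// Constructed sample requests (stand-ins for $_GET and $_POST).
$get = ['q' => '"><b>toplist</b>'];
$post = ['URL' => 'javascript:void(0)', 'ButtonURL' => 'https://example.org/button.gif'];

// search.php: the search term is encoded before it is reflected.
echo 'Results for: ' . h(field($get, 'q')) . "\n";

// add.php: both URL fields are validated on input and encoded on output.
foreach (['URL', 'ButtonURL'] as $name) {
    $url = clean_url(field($post, $name));
    echo $name . ': ' . ($url === null ? 'rejected' : '<a href="' . h($url) . '">' . h($url) . '</a>') . "\n";
}
```

Validation on input and encoding on output are both needed here: the scheme allowlist covers values placed in href or src attributes, and the encoding covers every place the stored or reflected value is written into HTML.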


Exploitation:
-------------------------------
In the inputbox of /search.php:
Search for:

In the inputbox 'URL' of add.php:
Type in as URL:

In the inputbox 'ButtonURL' of add.php:
Type in as URL: