SecurityTracker.com Archives - Pixelpost Input Validation Holes Permit Cross-Site Scripting Attacks

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Forum/Board/Portal) > Pixelpost

Vendors: pixelpost.org

Pixelpost Input Validation Holes Permit Cross-Site Scripting Attacks

SecurityTracker Alert ID: 1015529

SecurityTracker URL: http://securitytracker.com/id?1015529

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jan 24 2006

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

Version(s): 1.4.3

Description: Aliaksandr Hartsuyeu of eVuln reported a vulnerability in Pixelpost. A remote user can conduct cross-site scripting attacks.

The 'index.php' script does not properly filter HTML code from user-supplied input in several variables before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Pixelpost software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The original advisory is available at:

http://evuln.com/vulns/45/summary.html

Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Pixelpost software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution: No solution was available at the time of this entry.

Vendor URL: www.pixelpost.org/ (Links to External Site)

Cause: Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Reported By: Alex <alex@evuln.com>

Message History: None.

Source Message Contents

Date: Mon, 23 Jan 2006 18:12:47 +0300
From: Alex <alex@evuln.com>
Subject: [eVuln] Pixelpost Photoblog XSS Vulnerability

 
New eVuln Advisory:
Pixelpost Photoblog XSS Vulnerability
http://evuln.com/vulns/45/summary.html
 
--------------------Summary----------------
 
Software: Pixelpost Photoblog
Sowtware's Web Site: http://www.pixelpost.org/
Versions: 1.4.3
Critical Level: Moderate
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
eVuln ID: EV0045
 
-----------------Description---------------
Vulnerable script: index.php 
 
Most of user-defined variables isn't properly sanitized. This can be
used to post arbitrary html or script code. This code will be executed
when administrator will open "comments" menu in admin CP. 
 
Cookie-based authentication is threatened. 
 
Administrator has an ability to upload arbitrary files. 
 
System access is possible.
 
--------------Exploit----------------------
Link: http://host/pixelpost/index.php?popup=comment&showimage=1 
 
Add Comment: <XSS>
 
--------------Solution---------------------
No Patch available.
 
--------------Credit-----------------------
Original Advisory:
http://evuln.com/vulns/45/summary.html
 
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2006, SecurityGlobal.net LLC