what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SiliSoftware phpThumb() 1.7.11 Cross Site Scripting

SiliSoftware phpThumb() 1.7.11 Cross Site Scripting
Posted May 16, 2012
Authored by LiquidWorm | Site zeroscience.mk

SiliSoftware phpThumb() version 1.7.11 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b0297f9e69c26f42d51c1e7aaaba6b1b125a76fa647dcd73ccf099f2fd2f43d6

SiliSoftware phpThumb() 1.7.11 Cross Site Scripting

Change Mirror Download

phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability


Vendor: SiliSoftware
Product web page: http://www.silisoftware.com
Affected version: 1.7.11-201108081537

Summary: phpThumb() uses the GD library to create thumbnails from
images (JPEG, PNG, GIF, BMP, etc) on the fly. The output size is
configurable (can be larger or smaller than the source), and the
source may be the entire image or only a portion of the original
image.

Desc: phpThumb is prone to a cross-site scripting vulnerability.
This issue is due to a failure in the application to properly
sanitize user-supplied input to the 'dir' and the 'title' parameter
of the 'phpThumb.demo.random.php' and 'phpThumb.demo.showpic.php'
scripts. Attackers can exploit this weakness to execute arbitrary
HTML and script code in a user's browser session.

Tested on: Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.21
PHP 5.3.8
MySQL 5.5.20


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2012-5088
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5088.php



15.05.2012

--

GET [SOME_CMS]/phpthumb/demo/phpThumb.demo.random.php?dir="><script>alert(document.cookie);</script> HTTP/1.1
GET [SOME_CMS]/phpthumb/demo/phpThumb.demo.showpic.php?title="><script>alert(document.cookie);</script> HTTP/1.1
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close