Zenphoto version 1.4.3.2 suffers from a cross site scripting vulnerability.
c313654cf06a5459638e4cb26e414198c80c70942da3bd786c488538808104e7
-------------------------
Affected products:
-------------------------
Product : Zenphoto 1.4.3.2 (and maybe older) fixed in 1.4.3.3
Affected function: printPublishIconLink
----------
Details:
----------
The file admin-news-articles.php calls the function printPublishIconLink
which generates HTML from data stored in the $_GET super global, this can be
used to generate a XSS attack or more seriously, as a admin user need to be
logged in to access the page admin-news-articles.php, a cookie stealing
script.
Example code:
http://127.0.0.1/zenphoto/zp-core/zp-extensions/zenpage/admin-news-articles.
php?date=%22%3E%3Cscript%3Ealert%28%27Cookie%20sealing%20Javascript%27%29;%3
C/script%3E%3C>
--------------------
Suggested fix:
--------------------
Sanitize the $_GET super global on lines 1637 through 1641 in
zenpage-admin-functions.php file
------------
Timeline:
------------
12-Sept-2012 Zenphoto and UK-CERT informed
18-Sept-2012 Zenphoto confirmed and fixed (see
http://www.zenphoto.org/trac/changeset/10836).
1-Oct-2012 Zenphoto 1.4.3.3 released fixing hole.
--
Scott Herbert Cert Web Apps (Open)
http://blog.scott-herbert.com/
Twitter @Scott_Herbert
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed