phplinkdirectory_070121.txt

phplinkdirectory_070121.txt: Posted Jan 24, 2007; Authored by Jussi Vuokko, Henri Lindberg | Site smilehouse.com; PHP Link versions 3.0.6 and below are susceptible to a cross site scripting vulnerability.; tags | exploit, php, xss; SHA-256 | 6b2b52bda7ceaee66733cc1672e10cb2052f52629a8dfb1a363b5cd9d1d31a59; Download | Favorite | View

phplinkdirectory_070121.txt

                           Smilehouse Oy
                      -= Security Advisory =-


     Advisory: PHP Link Directory XSS Vulnerability
 Release Date: 2007/01/21
Last Modified: 2007/01/21
      Authors: Jussi Vuokko, CISSP [jussi.vuokko@smilehouse.com]
               Henri Lindberg, Associate of (ISC)² [henri.lindberg@smilehouse.com]

  Application: PHP Link Directory <= 3.0.6
     Severity: XSS vulnerability within the administration
               interface allow Cross Site Scripting attacks against
               the link directory admin
         Risk: Critical
Vendor Status: Vendor has released an updated version
   References: http://www.smilehouse.com/advisory/phplinkdirectory_070121.txt


Overview:

   Quote from http://www.phplinkdirectory.com
   "phpLD is now the most widely used directory script on the
    internet. Our customers having tested the script on over 10,000
    websites has allowed us to bring you a script that works in
    virtually all PHP hosting environments. Put simply, it just
    works."

   During an quick audit of PHP Link Directory it was discovered that
   XSS vulnerability exist in the administration area. Thus, it is
   possible for an attacker, tricking an admin, to validate submitted
   link, and to perform any administrative actions in the link
   directory. These include e.g. posting entries or adding additional
   admin users.


Details:

   PHP Link Directory failed to sanitize user input correctly on the
   administration page. User can submit link (URL) containing
   javascript which will be executed on the administration page after
   selecting "Validate links" -> "Start". This is due to the URL being
   saved without HTML encoding.


Proof of Concept:

   Example of an URL:

   http://www.example.com/index.html"><script>;alert('url');</script>

   As "Validate links" -> "Start" is selected on the administration
   page the javascript alert will pop up.


Workaround

   Update to PHP Link Directory > 3.0.6.


Disclosure Timeline:

   30. October 2006 - Contacted PHP Link Directory developers by email
   1. December 2006 - Vender released an updated version
   21. January 2007 - Advisory was released


Copyright 2007 Smilehouse Oy. All rights reserved.

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 150 files
Jay Turla 150 files
Ubuntu 64 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

phplinkdirectory_070121.txt

phplinkdirectory_070121.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

phplinkdirectory_070121.txt

Share This

phplinkdirectory_070121.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems