eggblog-xss.txt

eggblog-xss.txt: Posted Nov 13, 2007; Authored by Mesut Timur | Site h-labs.org; Eggblog version 3.1.0 is susceptible to cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | b0ad0fa2892ffa6c90277931bf860dadba6a06a310f67b381c02a6a0b2ada0d6; Download | Favorite | View

eggblog-xss.txt

H - Security Labs  
Eggblog v3.1.0 Security Advisory 
ID : HSEC#20071111 
General Information
--------------------------
Name                     : EggBlog v.3.1.0
Vendor HomePage          :http://sourceforge.net/projects/eggblog/ 
Platforms                : PHP && MySQL
Vulnerability Type       : Input Validation Error

Timeline
-------------------------
08 October  2007  -- Vendor Contacted  
30 October  2007  -- Vendor Replied
11 November 2007  -- New Release
11 November 2007  -- Advisory Released


What is Eggblog
------------------------
eggblog is a free PHP & MySQL blogging package. Features include an internal search engine,

photo albums, forums, plug-ins, guest comments to blog articles, automatic monthly archiving

of blog articles and RSS XML feeds for both the blog and forums.
I discovered the security holes when I was testing it for my personel web blog.

Vulnerability Overview
------------------------
The script is vulnerable to XSS attacks.

Details About Vulnerability
------------------------
XSS Vulnerability(home/rss.php)

At the rss.php line 6-7; there are unfiltered PHP_SELFs that can be used for XSS attacks.
---------
<a

href=\"../rss/blog.php\">".$_SERVER['SERVER_NAME'].str_replace("/home/rss.php","",$_SERVER['

PHP_SELF'])."/rss/blog.php</a></li>
<a

href=\"../rss/topics.php\">".$_SERVER['SERVER_NAME'].str_replace("/home/rss.php","",$_SERVER

['PHP_SELF'])."/rss/topics.php</a></li>
---------

The attacker can succesfully launch XSS attacks with loading payload on to the URL after the

home\rss.php. For example :
http://www.example.com/home/rss.php/<script>alert(1)</script>
 
Solutions
-----------------------
Download the new release : EggBlog v3.1.1

Credits
-----------------------
The vulnerabilities found on 08 October 2007
by Mesut Timur <mesut@h-labs.org>
H - Security Labs , http://www.h-labs.org
Gebze Institue of Technology,Computer Engineering,http://www.gyte.edu.tr

References
-----------------------
http://sourceforge.net/forum/forum.php?forum_id=753622
http://www.eggblog.net
http://sourceforge.net/projects/eggblog/
Original Advisory : http://www.h-labs.org/blog/2007/11/11/eggblog_v3_1_0_xss_issues.html

Mesut TIMUR
http://www.h-labs.org
H - Security Labs Güvenlik Editörü
GYTE Bilgisayar Mühendisligi

Top Authors In Last 30 Days

Red Hat 231 files
indoushka 108 files
Ubuntu 86 files
Gentoo 36 files
Jasper Nota 25 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,100)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,789)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,546)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,754)
UNIX (9,437)
UnixWare (187)
Windows (6,674)
Other

eggblog-xss.txt

eggblog-xss.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

eggblog-xss.txt

Share This

eggblog-xss.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems