## Security Advisory : Cross-Site Scripting flaw in Simple Directory Listing ## Discovered by ==> Amol Naik (amolnaik4_at_gmail_dot_com) ## Overview ## -------------- Quote from from http://simpledirectorylisting.net/ : "Simple Directory Listing is a single file php script which functions as directory listing in an apache http server. It provides many useful functions like copy, delete, read/write, etc.". There are 21,739,293 downloads from sourceforge.net. ## Vulnerability Description ## ----------------- Simple Directory Listing is vulnerable to Cross-Site Scripting, allowing injection of malicious code in the context of the application. ## Technical Details ## ------------- Vulnerable Product : Simple Directory Listing 2.1_beta1 Download : http://sourceforge.net/projects/simpledirectory/files/simpledirectorylisting/SDL2.1_beta1/SDL2.1_beta1.zip/download Vulnerability Type : Cross-Site Scripting (XSS) Affected page : SDL2.php Vulnerable parameters : cwdRelPath ## Timeline ## -------------- Bug Discovered : October 3rd, 2009 Informed Vendor : October 3rd, 2009 but no response received till date. ## Proof of concept ## ---------------------- http://localhost/simpledirectorylisting/SDL2.php?cwdRelPath= '>