<?= $D->page_title ?>

ShareTronix - HTML Injection Vulnerability


Version Affected: 1.0.4 (newest)


Info:

Sharetronix Opensource is a multimedia microblogging platform. 

It helps people in a community, company, or group to exchange short messages over the Web.


Credits: MaXe from InterN0T (patched the vulnerability) & Reelix (found the vulnerability)


External Links:

http://sharetronix.com/opensource/


-:: The Advisory ::-

The header.php file for showing a single microblog entry does not sanitize the page_title correct.


page_title is set by the user when posting an entry to the microblog platform.


Files:

sharetronix/system/templates/header.php 

00013: <title><?= $D->page_title ?></title>

  
sharetronix/system/templates/mobile/header.php 

00014: <title><?= $D->page_title ?></title>


-:: Solution ::-

sharetronix/system/templates/header.php 

00013: <title><?= htmlentities($D->page_title); ?></title>

  
sharetronix/system/templates/mobile/header.php 

00014: <title><?= htmlentities($D->page_title); ?></title>


Disclosure Information: 

- Vulnerability found 26th January

- Patch was made available 26th January

- Vendor and Buqtraq (SecurityFocus) contacted the 26th January

- Will be disclosed on InterN0T 27th January


All of the best,

MaXe