Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: HTB22943: XSS in Dalbum
From: Henri Salo <henri () nerv fi>
Date: Mon, 13 Jun 2011 15:05:26 +0300

On Tue, Apr 19, 2011 at 10:22:05AM +0200, advisory () htbridge ch wrote:
Vulnerability ID: HTB22943
Reference: http://www.htbridge.ch/advisory/xss_in_dalbum.html
Product: Dalbum
Vendor: http://www.dalbum.org/ ( http://www.dalbum.org/ ) 
Vulnerable Version: 1.43
Vendor Notification: 05 April 2011 
Vulnerability Type: XSS (Cross Site Scripting)
Risk level: Medium 
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ ) 

Vulnerability Details:
The vulnerability exists due to failure in the "editini.php" script to properly sanitize user-supplied input in "url" 
variable.
User can execute arbitrary JavaScript code within the vulnerable application.
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based 
authentication credentials, disclosure or modification of sensitive data.

The following PoC is available:

[code]
http://[host]/editini.php?album=/Sample%20album/&url=1%27%3E%3Cscript%3Ealert%28%22XSS%22%29;%3C/script%3E
[/code]

Risk level is medium in your advisory. My opinion is totally different. You need to be logged in to use this 
XSS-vulnerability to cause any damage. I would say that this is at least low, because of the impact vector. Did the 
vendor response anything?

Still not fixed by vendor.

Best regards,
Henri Salo


  By Date           By Thread  

Current thread:
  • Re: HTB22943: XSS in Dalbum Henri Salo (Jun 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]