Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software

[Stuart Moore <smoore.bugtraq () securityglobal net>]

[Alert URL]

  http://www.securitytracker.com/alerts/2002/Nov/1005681.html


[Date]

  November 27, 2002


[Title]

  Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software


[Vendor]

  BizDesign


[Product]

  ImageFolio


[URL]

  http://www.imagefolio.com/


[Description]

  An input validation vulnerability exists in ImageFolio version 3.0.1 and 
  prior versions.  A remote user can conduct cross-site scripting attacks.

  The flaw exists in various parameters of the 'nph-build.cgi' admin script 
  nd the 'imageFolio.cgi' script (and possibly others).

  A demonstration exploit is provided:

  /cgi-bin/imageFolio.cgi?direct=<script>alert("SecurityHole")</script>

  /cgi-bin/if/admin/nph-build.cgi?step=<script>alert("SecurityHole")</script>

  This vulnerability can be exploited to steal a user's or administrator's 
  authentication cookies.


[Vendor Notification]

  Jun  9, 2002 - BizDesign (the vendor) was notified and responded that the pending 
                 version 3.0 will contain a fix.  
  Aug 23, 2002 - Version 3.0 was released without a fix.
  Sep 16, 2002 - Version 3.0.1 was released without a fix.
  Nov 13, 2002 - Vendor was reminded and responded that the bug will be fixed in
                 version 3.1, to be released in the beginning of the week of November 18.
  Nov 27, 2002 - At the time of this report, the fixed version had not been posted 
                 to the vendor's web site.


[CVE]

  CAN-2002-1334


[Credit]

  This flaw was discovered by SecurityTracker.com (http://securitytracker.com/) 
  after investigating a June 9, 2002 post by ET from LoWNOISE to the vuln-dev list:

  http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0939.html

  For more information, contact SecurityTracker at info () securitytracker com