Bugtraq mailing list archives
Re: [badroot security] AutoIndex PHP Script: XSS vulnerability
From: mozako <mozako () mybox it>
Date: Tue, 05 Jul 2005 22:29:24 +0000
Sorry for distraction errors. This is the correct ADV:

_______________________________________________________

BADROOT SECURITY GROUP
Security Advisory 2005-#0x07
http://www.badroot.org
irc.us.azzurra.org ~ #badroot
_______________________________________________________

Authors ....... mozako feat shen139
Date .......... 05-07-2005
Product ....... AutoIndex PHP Script
Type .......... Cross Site Scripting (XSS) vulnerability

o Description:
=============================
AutoIndex PHP Script is a simple website directory indexer and file manager.

o Vulnerability Description:
=============================
287 [...]
288 $search = (isset($_GET['search']) ? $_GET['search'] : '');
289 $search_mode = (isset($_GET['searchMode']) ? $_GET['searchMode'] : '');
290 [...]

At line 289 AutoIndex PHP Script doesn't validate '$_GET' variable ($search).
Consequently, a remote user can create a specially crafted URL that would
execute arbitrary code in a user's browser within the trust relationship
between the browser and the server.

o Products:
=============================
- AutoIndex PHP Script v. 1.5.2 (tested)

o Solution:
=============================
Sanitize html source before writing it with a simple htmlspecialchars(...).

o Proof of concept:
=============================
http://www.vuln-site.org/index.php?search='>%3Cscript%3Ealert%28%27owned%27%29%3Blocation.href%3D%27http%3A%2F%2Fwww.badroot.org%27%3B%3C%2Fscript%3E&dir=&searchMode=
Original ADV: http://www.badroot.org/advisories/SA0x07
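
The htmlspecialchars() fix named in the advisory, shown against the kind of output context its proof of concept implies. This is an added example, not part of the original post and not AutoIndex source: the render_search_*() functions, the form markup and the single-quoted value attribute are assumptions, and the input string is constructed.

```php
<?php
// Added example, not AutoIndex source. render_search_*() and the form markup
// are hypothetical; only the $_GET['search'] read mirrors the advisory.

// Constructed input modelled on the advisory's proof of concept (alert only).
$_GET['search'] = "'><script>alert('owned')</script>";

$search = (isset($_GET['search']) ? $_GET['search'] : '');

// Vulnerable: raw request data written into a single-quoted attribute.
function render_search_raw($search)
{
    return "<input type='text' name='search' value='" . $search . "'>";
}

// Incomplete: ENT_COMPAT (the default before PHP 8.1) leaves ' unescaped,
// so the value can still close the attribute early.
function render_search_compat($search)
{
    return "<input type='text' name='search' value='"
        . htmlspecialchars($search, ENT_COMPAT, 'UTF-8') . "'>";
}

// Hardened: ENT_QUOTES escapes both quote styles as well as < > and &.
function render_search_safe($search)
{
    return "<input type='text' name='search' value='"
        . htmlspecialchars($search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'>";
}

foreach (array('raw', 'compat', 'safe') as $variant) {
    $html = call_user_func('render_search_' . $variant, $search);
    // Two checks on the generated markup: did a literal <script> tag survive,
    // and did the leading quote close the value attribute (value='')?
    $tag_injected   = strpos($html, '<script>') !== false;
    $quote_breakout = strpos($html, "value=''") !== false;
    printf("%-6s tag_injected=%s quote_breakout=%s\n", $variant,
        $tag_injected ? 'yes' : 'no', $quote_breakout ? 'yes' : 'no');
}
```

Run with the PHP CLI. Passing ENT_QUOTES explicitly matters on PHP versions older than 8.1, where the default flags do not escape single quotes.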