[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] KorviBlog - XSS permanent !

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] KorviBlog - XSS permanent !
From: "..." <cdg393@xxxxxxxxx>
Date: Mon, 11 Sep 2006 10:05:47 +0200

[-] Produit                      : KorviBlog

[-] Langage                    : PHP

[-] Site web officiel          : http://korvi.jdhosts.net/

[-] Page vulnérable         : livre_or.php

[-] Faille de sécurité        : Cross Site Scripting Permanent

[-] Explications                 :

    Ligne 4 : livre_or($_POST['prenom'], $_POST['emailFrom'],
$_POST['body'], time());

    Les variables $_POST['prenom'] , $_POST['emailFrom'] et $_POST['body']
ne sont pas correctement filtrées avant leur affichage,       ce qui permet
l'injection de code malicieux via le formulaire de cette page.

[C]orrection :

    Pour corriger le problème, il suffit d'appliquer la fonction
htmlentities() à ces trois variables :

    livre_or( htmlentities($_POST['prenom']),
htmlentities($_POST['emailFrom']), htmlentities($_POST['body']), time());

[R]emarque :

    Aucune verification des données entrées n'est faite, en laissant par
exemple les champs prénom email message vides le           message est
posté.

[C]redit :   cdg393

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] RE: RSA SecurID SID800 Token vulnerable by design
Next by Date: [Full-disclosure] PHProg : Local File Inclusion + XSS + Full path disclosure
Previous by thread: Re: [Full-disclosure] RSA SecurID SID800 Token vulnerable by design
Next by thread: [Full-disclosure] PHProg : Local File Inclusion + XSS + Full path disclosure
Index(es):
- Date
- Thread