by r0t,der4444,cembo,VietMafia

Tuesday, December 13, 2005

PHP JackKnife XSS vuln.


Vuln. discovered by: r0t
Date: 13 Dec. 2005
Vendor: http://www.phpjk.com/
Affected version: 2.21 and prior

Product Description:

PHP JackKnife is an easily set-up, fast, feature-rich photo gallery script with MySQL or MSSQL databases. PHPJK supports template and user management, private galleries, automatic thumbnail creation, film strip, and an e-card feature, for easy customization to match the rest of a site. PHPJK adds multiple uploads, updated security, and many new features, including support for document types (i.e. tiff, psd, swf, doc, mp3, etc.)! Additional features: auto-thumbnailing, image upload, rating, searching, unlimited categories and subcategories, unlimited galleries and images, private & locked galleries, bulk import via ftp, dynamic product display, alternate images, eCards, image referencing and much more! It also includes Aricaur.com integration so you can sell prints, t-shirts and gift items with your images on them! PHP & MSSQL/MySQL & Win/*nix



Vuln. Description:

PHP JackKnife contains a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the "sKeywords" parameter of "DisplayResults.php" is not properly sanitised before being returned to the user in the response page.
This could allow a user to create a specially crafted URL that would execute arbitrary script code in a victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

example:

/Search/DisplayResults.php?DOMAIN_Link=&iSearchID=292&sKeywords=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E



Solution:
Edit the source code to ensure that input is properly sanitised.
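The following is an added example and not PHP JackKnife's own code: the real DisplayResults.php source is not on this page, so the two functions below reconstruct the pattern the advisory describes (the sKeywords value echoed back into the page unencoded) and the fix the solution calls for. The function names, the surrounding markup and the constructed input (the URL-decoded sKeywords value from the example request above) are assumptions.

```php
<?php
// Added example, not the project's code. Constructed input: the URL-decoded
// value of sKeywords from the advisory's example request.
$sKeywords = '"><script>alert(\'r0t\')</script>';

// Vulnerable pattern (hypothetical reconstruction): the raw parameter is
// interpolated into an attribute value. The leading "> closes the attribute
// and the <input> tag, so the rest of the value becomes live markup.
function renderVulnerable(string $sKeywords): string
{
    return '<input type="text" name="sKeywords" value="' . $sKeywords . '">';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES covers both " and ', which matters inside attribute values;
// the explicit charset avoids encoding mismatches on older PHP defaults.
function renderSafe(string $sKeywords): string
{
    $encoded = htmlspecialchars($sKeywords, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="sKeywords" value="' . $encoded . '">';
}

// Quick self-check a maintainer can run: the hardened output must not
// contain an un-encoded < or " anywhere in the reflected value.
function reflectsRawMarkup(string $html): bool
{
    return strpos($html, '<script') !== false;
}

echo renderVulnerable($sKeywords), PHP_EOL;
echo renderSafe($sKeywords), PHP_EOL;
var_dump(reflectsRawMarkup(renderVulnerable($sKeywords)));
var_dump(reflectsRawMarkup(renderSafe($sKeywords)));
```

The encoding belongs where the value is written into the page, not where it is read from the request: the same search term may legitimately be stored or used in a database query, and each output context (HTML body, attribute, JavaScript, URL) needs its own encoding. Stripping characters on input tends to break searches for legitimate terms and still leaves other output paths exposed.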

1 Comment:

Anonymous Tropical Screensaver told...

Greetings to you. ecard related information is of great interest to me and so I am usually online checking it out. I came across your site and spent some time checking out your content, although I was really interested in ecard related stuff. Keep up the good work.

Maybe you can drop by my site http://www.natureislephotos.com one of those days.

8:55 PM

Copyright (c) 2006 Pridels Sec Crew