AOH :: HP Unsorted T :: B06-5213.HTM

TorrentFlux startpop.php torrent Script Insertion



TorrentFlux startpop.php torrent Script Insertion
TorrentFlux startpop.php torrent Script Insertion



http://www.stevenroddis.com.au/2006/10/13/torrentflux-startpopphp-torrent-script-insertion/ 

TITLE:
TorrentFlux =93startpop.php=94 =93torrent=94 Script Insertion
CRITICAL:
Not Critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
TorrentFlux 2.x

DESCRIPTION:
I have discovered a vulnerability in TorrentFlux, which can be exploited by malicious users to conduct script insertion attacks.

Input passed to the =93torrent=94 field of a GET Request (/startpop.php?torrent=%22%3E%3Cscript%3Ealert(document.cookies);%3C/script%3E.torrent) is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an user=92s browser session in context of an affected site if a user clicks on a malicious link.

The vulnerability has been confirmed in version 2.1. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

/startpop.php

Line 36: Change to: $displayName = htmlentities($displayName, ENT_QUOTES);

(Line 36 is normally empty)

Grant only trusted users access to the application

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.