TorrentFlux =93startpop.php=94 =93torrent=94 Script Insertion
Cross Site Scripting
I have discovered a vulnerability in TorrentFlux, which can be exploited by malicious users to conduct script insertion attacks.
Input passed to the =93torrent=94 field of a GET Request (/startpop.php?torrent=%22%3E%3Cscript%3Ealert(document.cookies);%3C/script%3E.torrent) is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an user=92s browser session in context of an affected site if a user clicks on a malicious link.
The vulnerability has been confirmed in version 2.1. Other versions may also be affected.
Edit the source code to ensure that input is properly sanitised.
Line 36: Change to: $displayName = htmlentities($displayName, ENT_QUOTES);
(Line 36 is normally empty)
Grant only trusted users access to the application