
TorrentFlux action Script Insertion




TITLE:
TorrentFlux "action" Script Insertion

CRITICAL:
Not Critical
IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
TorrentFlux 2.x

DESCRIPTION:
I have discovered a vulnerability in TorrentFlux, which can be exploited by malicious users to conduct script insertion attacks.

Input passed to the "action" variable is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrator's browser session in context of an affected site when the "Activity Log" is viewed.

The vulnerability has been confirmed in version 2.1. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
/admin.php
Line 336:

$output .= "
".htmlentities($action, ENT_QUOTES)."

";

Line 398:

echo "".htmlentities($action, ENT_QUOTES)."";
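
The effect of the fix above, shown as a stand-alone illustration that is added here and is not TorrentFlux code or part of the original advisory. The table-row markup, the function names and the sample log values are assumptions constructed for the example.

```php
<?php
// Added illustration, not TorrentFlux source. Row markup, function names
// and the sample "action" values below are constructed for this example.

// Unencoded rendering: the stored value is concatenated into HTML as-is,
// so any markup it contains becomes part of the admin page.
function render_row_raw(string $action): string
{
    return "<tr><td>" . $action . "</td></tr>\n";
}

// Encoded rendering with the call the advisory recommends. ENT_QUOTES also
// converts ' and ", so the value stays inert if it lands in an attribute.
// The explicit 'UTF-8' charset is an addition made in this example.
function render_row_encoded(string $action): string
{
    return "<tr><td>" . htmlentities($action, ENT_QUOTES, 'UTF-8') . "</td></tr>\n";
}

// Constructed values as they might be stored in the activity log.
$logged_actions = [
    'File Upload',
    '<i>marked up</i>',
    'a "quoted" value',
    "Tom & 'Jerry'",
];

$prefix = "<tr><td>";
$suffix = "</td></tr>\n";

foreach ($logged_actions as $action) {
    $raw = render_row_raw($action);
    $enc = render_row_encoded($action);

    // Isolate the cell content and confirm that no markup-significant
    // character survived encoding.
    $cell  = substr($enc, strlen($prefix), -strlen($suffix));
    $inert = strpbrk($cell, "<>\"'") === false;

    printf("raw:     %s", $raw);
    printf("encoded: %s", $enc);
    printf("inert:   %s\n\n", $inert ? 'yes' : 'NO');
}
```

Encoding at the point of output, as both patched lines do, protects the Activity Log view even for entries that were stored before the fix was applied.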

ORIGINAL ADVISORY:
http://www.stevenroddis.com.au/2006/10/17/torrentflux-action-script-insertion/ 
