AOH :: HP Unsorted T :: B06-5275.HTM

TorrentFlux file Script Insertion



TorrentFlux file Script Insertion
TorrentFlux file Script Insertion



TITLE:
TorrentFlux =93file=94 Script Insertion

CRITICAL:
Moderate

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
TorrentFlux 2.x

DESCRIPTION:
I have discovered a vulnerability in TorrentFlux, which can be exploited by malicious users to conduct script insertion attacks.

Input passed to the =93file=94 variable is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrator=92s browser session in context of an affected site when the =93Activity Log=94 is viewed. An example is attempting to login with an incorrect username or password. Where the username field of /login.php contains the arbitrary code.

The vulnerability has been confirmed in version 2.1. Other versions may also be affected.

SOLUTION:

Edit the source code to ensure that input is properly sanitised.

/admin.php

Line 338:

$output .= htmlentities($file, ENT_QUOTES); 

ORIGINAL ADVISORY:
http://www.stevenroddis.com.au/2006/10/17/torrentflux-file-script-insertion/ 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.