
TorrentFlux user_id Script Insertion






TITLE:
TorrentFlux "user_id" Script Insertion

CRITICAL:
Not Critical
IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
TorrentFlux 2.x

DESCRIPTION:
I have discovered a vulnerability in TorrentFlux, which can be exploited by malicious users to conduct script insertion attacks.

Data passed to the "users" array is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrator's browser session in context of an affected site when the "Activity Log" is viewed.

The vulnerability has been confirmed in version 2.1. Other versions may also be affected.

SOLUTION:

Edit the source code to ensure that input is properly sanitised.

/admin.php

Line 416:

echo "".htmlentities($users[$inx], ENT_QUOTES)."";
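
The effect of the change above, shown as an added example that is not TorrentFlux source or code from the original advisory. The function names, the <option> markup and the sample data are assumptions made for illustration; only the htmlentities($users[$inx], ENT_QUOTES) call comes from the advisory.

```php
<?php
// Added illustration, not TorrentFlux code. Function names and the
// <option> wrapper are hypothetical.

// Before: each stored user ID is concatenated into the page as-is,
// so any markup it contains is parsed by the administrator's browser.
function render_users_unescaped(array $users): string
{
    $out = '';
    for ($inx = 0; $inx < count($users); $inx++) {
        $out .= "<option>" . $users[$inx] . "</option>\n";
    }
    return $out;
}

// After: every value is entity-encoded at the point of output.
// ENT_QUOTES also encodes ' and ", so the value stays inert if it is
// later placed inside a quoted attribute.
function render_users_escaped(array $users): string
{
    $out = '';
    for ($inx = 0; $inx < count($users); $inx++) {
        $out .= "<option>"
              . htmlentities($users[$inx], ENT_QUOTES, 'UTF-8')
              . "</option>\n";
    }
    return $out;
}

// Regression check: after removing the wrapper the page itself emits,
// no raw markup or quote characters may remain in the output.
function has_raw_markup(string $html): bool
{
    $inner = str_replace(['<option>', '</option>'], '', $html);
    return strpbrk($inner, '<>"\'') !== false;
}

// Constructed sample data: one ordinary user ID, one containing markup.
$users = ['alice', 'bob"><i>injected</i>'];

echo render_users_unescaped($users);
var_dump(has_raw_markup(render_users_unescaped($users)));

echo render_users_escaped($users);
var_dump(has_raw_markup(render_users_escaped($users)));
```

The encoding is applied where the value is written into HTML, so entries already stored in the log are rendered safely as well.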

ORIGINAL ADVISORY:
http://www.stevenroddis.com.au/2006/10/17/torrentflux-user_id-script-insertion/ 
