Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Blogs :: tb13360.htm

Eggblog v3.1.0 XSS Vulnerability



Eggblog v3.1.0 XSS Vulnerability
Eggblog v3.1.0 XSS Vulnerability



H - Security Labs  =0D
Eggblog v3.1.0 Security Advisory =0D
ID : HSEC#20071111 =0D
General Information=0D
--------------------------=0D
Name                     : EggBlog v.3.1.0=0D
Vendor HomePage :http://sourceforge.net/projects/eggblog/ =0D 
Platforms                : PHP && MySQL=0D
Vulnerability Type       : Input Validation Error=0D
=0D
Timeline=0D
-------------------------=0D
08 October  2007  -- Vendor Contacted  =0D
30 October  2007  -- Vendor Replied=0D
11 November 2007  -- New Release=0D
11 November 2007  -- Advisory Released=0D
=0D
=0D
What is Eggblog=0D
------------------------=0D
eggblog is a free PHP & MySQL blogging package. Features include an internal search engine,=0D
=0D
photo albums, forums, plug-ins, guest comments to blog articles, automatic monthly archiving=0D
=0D
of blog articles and RSS XML feeds for both the blog and forums.=0D
I discovered the security holes when I was testing it for my personel web blog.=0D
=0D
Vulnerability Overview=0D
------------------------=0D
The script is vulnerable to XSS attacks.=0D
=0D
Details About Vulnerability=0D
------------------------=0D
XSS Vulnerability(home/rss.php)=0D
=0D
At the rss.php line 6-7; there are unfiltered PHP_SELFs that can be used for XSS attacks.=0D
---------=0D
".$_SERVER['SERVER_NAME'].str_replace("/home/rss.php","",$_SERVER['=0D
=0D
PHP_SELF'])."/rss/blog.php=0D
".$_SERVER['SERVER_NAME'].str_replace("/home/rss.php","",$_SERVER=0D
=0D
['PHP_SELF'])."/rss/topics.php=0D
---------=0D
=0D
The attacker can succesfully launch XSS attacks with loading payload on to the URL after the=0D
=0D
home\rss.php. For example :=0D
http://www.example.com/home/rss.php/=0D 
 =0D
Solutions=0D
-----------------------=0D
Download the new release : EggBlog v3.1.1=0D
=0D
Credits=0D
-----------------------=0D
The vulnerabilities found on 08 October 2007=0D
by Mesut Timur =0D 
H - Security Labs , http://www.h-labs.org=0D 
Gebze Institue of Technology,Computer Engineering,http://www.gyte.edu.tr=0D 
=0D
References=0D
-----------------------=0D
http://sourceforge.net/forum/forum.php?forum_id=753622=0D 
http://www.eggblog.net=0D 
http://sourceforge.net/projects/eggblog/=0D 
Original Advisory : http://www.h-labs.org/blog/2007/11/11/eggblog_v3_1_0_xss_issues.html=0D 
=0D
Mesut TIMUR=0D
http://www.h-labs.org=0D 
H - Security Labs G=FCvenlik Edit=F6r=FC=0D
GYTE Bilgisayar M=FChendisligi=0D


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH