Multiple Vulnerabilities in Pixelpost

2011-01-11T00:00:00
ID HTB22791
Type htbridge
Reporter High-Tech Bridge
Modified 2011-01-11T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pixelpost which could be exploited to perform cross-site scripting attacks and disclose potentially sensitive information.

1) Cross-site scripting vulnerability in Pixelpost
The vulnerability exists due to insufficient sanitization of the "visitorinfo" cookie in index.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Exploitation example:
GET /index.php?popup=comment&showimage=1 HTTP/1.1
Cookie: visitorinfo=1'><script>alert("XSS")%3B</script>%25

2) Information disclosure vulnerability in Pixelpost
The vulnerability exists due to insufficient sanitization of input data in the "lang" cookie in index.php. A remote attacker can read arbitrary files on the target system. Successful exploitation requires that register_globals is enabled.
Exploitation example:
GET /index.php?popup=comment&language_full=english HTTP/1.1
Cookie: lang=/../../../includes/pixelpost.php%00
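The two cookie issues above, handled from the defender's side, as an added Python example that is not Pixelpost's code and not part of the original advisory: it entity-encodes "visitorinfo" before it is reflected into a page, allowlists "lang" before the value is used to build an include path, and runs a small log-side check over constructed Cookie headers (the two payloads shown in the advisory plus a benign one). The ALLOWED_LANGS set, the language/<name>.php layout and the sample headers are assumptions.

```python
import html
import re
from urllib.parse import unquote

# Constructed allowlist: the language files this hypothetical install ships.
ALLOWED_LANGS = {"english", "german", "french"}


def parse_cookie_header(header: str) -> dict:
    """Split a raw Cookie header into name -> value, leaving values URL-encoded."""
    cookies = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies


def safe_visitorinfo(raw_value: str) -> str:
    """Decode the visitorinfo cookie and entity-encode it for HTML output.

    Passing the value through html.escape means quotes and angle brackets can
    no longer terminate the attribute or tag the value is placed in.
    """
    return html.escape(unquote(raw_value), quote=True)


def safe_lang(raw_value: str, default: str = "english") -> str:
    """Return the lang cookie only when it names an allowlisted language.

    Anything else (traversal sequences, null bytes, unknown names) falls back
    to the default, so the value can never steer an include outside the
    language directory.
    """
    value = unquote(raw_value)
    if "\x00" in value or not re.fullmatch(r"[a-z]{2,16}", value):
        return default
    return value if value in ALLOWED_LANGS else default


def lang_file_path(raw_value: str) -> str:
    """Build the include path from a validated name (hypothetical layout)."""
    return f"language/{safe_lang(raw_value)}.php"


# Log-side detection: markers typical of the two payload classes.
XSS_MARKERS = re.compile(r"<\s*script|javascript:|on\w+\s*=", re.IGNORECASE)
TRAVERSAL_MARKERS = re.compile(r"\.\./|\.\.\\|%00|\x00", re.IGNORECASE)


def classify_cookies(cookie_header: str) -> list:
    """Flag cookie values that look like XSS or path-traversal attempts."""
    findings = []
    for name, raw in parse_cookie_header(cookie_header).items():
        decoded = unquote(raw)
        if name == "visitorinfo" and XSS_MARKERS.search(decoded):
            findings.append((name, "xss-marker"))
        if name == "lang" and (TRAVERSAL_MARKERS.search(raw)
                               or TRAVERSAL_MARKERS.search(decoded)
                               or decoded not in ALLOWED_LANGS):
            findings.append((name, "traversal-or-unexpected-lang"))
    return findings


# Constructed sample Cookie headers: the two advisory payloads plus a benign one.
SAMPLE_COOKIE_HEADERS = [
    "visitorinfo=1'><script>alert(\"XSS\")%3B</script>%25",
    "lang=/../../../includes/pixelpost.php%00",
    "visitorinfo=alice; lang=english",
]


def scan_samples() -> list:
    """Run the detector over every constructed sample header."""
    return [classify_cookies(h) for h in SAMPLE_COOKIE_HEADERS]


if __name__ == "__main__":
    for header, findings in zip(SAMPLE_COOKIE_HEADERS, scan_samples()):
        print(f"{header!r:60} -> {findings or 'clean'}")
    print(safe_visitorinfo(parse_cookie_header(SAMPLE_COOKIE_HEADERS[0])["visitorinfo"]))
    print(lang_file_path(parse_cookie_header(SAMPLE_COOKIE_HEADERS[1])["lang"]))
```

Validating "lang" against an allowlist, rather than stripping "../" or null bytes out of it, means the fix does not depend on the PHP runtime refusing embedded NUL bytes in file paths; disabling register_globals removes the precondition the advisory states for the second issue, but the allowlist protects the include even where that setting is left on.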