High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Flogr, which can be exploited to perform Cross-Site Scripting (XSS) attacks.
- Cross-Site Scripting (XSS) Vulnerabilities in Flogr: CVE-2012-4336
Input appended to the URL after /index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected website.
The following PoC demonstrates the vulnerability:
http://[host]/index.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/scr ipt%3E/
Successful exploitation of this vulnerability requires that Apache’s directive “AcceptPathInfo” is set to “on” or “default” (default value is “default”)
Second PoC* demonstrates that any HTTP GET parameter is also vulnerable to XSS:
http://[host]/index.php?[any]=%22%3E%3Cscript%3Ealert%28document.cookie%29;% 3C/script%3E