
pChart 2.1.3 Cross Site Scripting / Directory Traversal

24 Jan 2014 | Reported by Balazs Makany | Type: packetstorm | Source: packetstormsecurity.com

pChart 2.1.3 Directory Traversal and Reflected XSS vulnerability with disclosure timeline

Code
`# Exploit Title: pChart 2.1.3 Directory Traversal and Reflected XSS  
# Date: 2014-01-24  
# Exploit Author: Balazs Makany  
# Vendor Homepage: www.pchart.net  
# Software Link: www.pchart.net/download  
# Google Dork: intitle:"pChart 2.x - examples" intext:"2.1.3"  
# Version: 2.1.3  
# Tested on: N/A (Web Application. Tested on FreeBSD and Apache)  
# CVE : N/A  
  
[0] Summary:  
PHP library pChart 2.1.3 (and possibly previous versions) by default  
contains an examples folder, where the application is vulnerable to  
Directory Traversal and Cross-Site Scripting (XSS).  
It is plausible that custom built production code contains similar  
problems if the usage of the library was copied from the examples.  
The exploit author engaged the vendor before publicly disclosing the  
vulnerability and consequently the vendor released an official fix  
before the vulnerability was published.  
  
  
[1] Directory Traversal:  
"hxxp://localhost/examples/index.php?Action=View&Script=%2f..%2f..%2fetc/passwd"  
The traversal is executed with the web server's privilege and leads to  
sensitive file disclosure (passwd, siteconf.inc.php or similar),  
access to source codes, hardcoded passwords or other high impact  
consequences, depending on the web server's configuration.  
This problem may exist in the production code if the example code was  
copied into the production environment.  
  
Directory Traversal remediation:  
1) Update to the latest version of the software.  
2) Remove public access to the examples folder where applicable.  
3) Use a Web Application Firewall or similar technology to filter  
malicious input attempts.  
  
  
[2] Cross-Site Scripting (XSS):  
"hxxp://localhost/examples/sandbox/script/session.php?<script>alert('XSS')</script>"  
This file uses multiple variables throughout the session, and most of  
them are vulnerable to XSS attacks. Certain parameters are persistent  
throughout the session and therefore persist for as long as the user  
session is active. The parameters are unfiltered.  
  
Cross-Site Scripting remediation:  
1) Update to the latest version of the software.  
2) Remove public access to the examples folder where applicable.  
3) Use a Web Application Firewall or similar technology to filter  
malicious input attempts.  
  
  
[3] Disclosure timeline:  
2014 January 16 - Vulnerability confirmed, vendor contacted  
2014 January 17 - Vendor replied, responsible disclosure was orchestrated  
2014 January 24 - Vendor was asked about progress; vendor replied  
and noted that the official patch had been released.  
  
  
  
`
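To support the remediation steps above, the following added example (not part of the original advisory or of pChart) scans web server access logs for the two request shapes the advisory describes and for an examples folder that is still publicly served. The log lines, the `example.constructed.php` script name and the finding labels are constructed for illustration; the combined log format is an assumption.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit
# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Jan/2014:10:00:01 +0000] "GET /examples/index.php?Action=View&Script=%2f..%2f..%2fetc/passwd HTTP/1.1" 200 1532
203.0.113.5 - - [24/Jan/2014:10:00:02 +0000] "GET /examples/index.php?Action=View&Script=%252f..%252f..%252fetc/passwd HTTP/1.1" 200 1532
198.51.100.7 - - [24/Jan/2014:10:00:03 +0000] "GET /examples/sandbox/script/session.php?%3Cscript%3Ealert('XSS')%3C/script%3E HTTP/1.1" 200 88
192.0.2.9 - - [24/Jan/2014:10:00:04 +0000] "GET /examples/index.php?Action=View&Script=example.constructed.php HTTP/1.1" 200 2048
192.0.2.9 - - [24/Jan/2014:10:00:05 +0000] "GET /examples/index.php HTTP/1.1" 403 199
"""

LINE_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})\b')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the finding labels for one access-log line."""
    m = LINE_RE.match(line)
    if not m:
        return []
    target, status = m.groups()
    url = urlsplit(target)
    path = url.path.lower()
    if "/examples/" not in path:
        return []
    # A 2xx answer means the examples folder is still reachable (remediation 2).
    findings = ["examples-exposed"] if status.startswith("2") else []
    if path.endswith("/examples/index.php"):
        for script in parse_qs(url.query).get("Script", []):
            # Compare whole path segments so names like "a..b.php" do not match.
            parts = fully_decode(script).replace("\\", "/").split("/")
            if ".." in parts:
                findings.append("traversal-in-Script")
    if path.endswith("/sandbox/script/session.php") and re.search(r"[<>]", fully_decode(url.query)):
        findings.append("markup-in-session-query")
    return findings

def scan(log_text):
    """Return (client IP, findings) for every flagged line, in log order."""
    hits = ((line.split()[0], classify(line)) for line in log_text.splitlines())
    return [(ip, found) for ip, found in hits if found]
```
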
