Vulners
Lucene search
4images 1.7.11 Cross Site Scripting
🗓️ 25 Sep 2015 00:00:00Reported by Manuel Garcia CardenasType 
packetstorm🔗 packetstormsecurity.com👁 33 Views
`=============================================
MGC ALERT 2015-001
- Original release date: September 08, 2015
- Last revised: September 24, 2015
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
Stored XSS in 4images <= v1.7.11
II. BACKGROUND
-------------------------
4images is a powerful web-based image gallery management system. Features
include comment system, user registration and management, password
protected administration area with browser-based upload and HTML templates
for page layout and design.
III. DESCRIPTION
-------------------------
Has been detected a stored XSS vulnerability in 4images, that allows the
execution of arbitrary HTML/script code to be executed in the context of
the victim user's browser.
The code injection is done through the parameter warning in the page
categories.php parameters "cat_description".
IV. PROOF OF CONCEPT
-------------------------
Malicious Request:
http://vulnerablesite.com/4images/admin/categories.php
__csrf=&action=updatecat&cat_id=1&cat_name=example&cat_description=<XSS
injection>&cat_parent_id=0&cat_order=5&cat_hits=2285&auth_viewcat=0&auth_viewimage=0&auth_download=2&auth_upload=2&auth_directupload=9&auth_vote=0&auth_sendpostcard=0&auth_readcomment=0&auth_postcomment=2
Example:
http://vulnerablesite.com/4images/categories.php?cat_id=1
V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted user's
browser, this can leverage to steal sensitive information as user
credentials, personal data, etc.
VI. SYSTEMS AFFECTED
-------------------------
4images <= v1.7.11
VII. SOLUTION
-------------------------
Update to the last version.
VIII. REFERENCES
-------------------------
http://www.4homepages.de/
IX. CREDITS
-------------------------
This vulnerability has been discovered and reported
by Manuel Garcia Cardenas (advidsec (at) gmail (dot) com).
X. REVISION HISTORY
-------------------------
September 08, 2015 1: Initial release
September 24, 2015 2: Last revision
XI. DISCLOSURE TIMELINE
-------------------------
September 08, 2015 1: Vulnerability acquired by Manuel Garcia Cardenas
September 08, 2015 2: Send to vendor
September 24, 2015 3: Sent to lists
XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.
XIII. ABOUT
-------------------------
Manuel Garcia Cardenas
Pentester
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Sep 2015 00:00Current
0.1Low risk
Vulners AI Score0.1