
os2a_1006.txt

09 Jul 2006 00:00:00 | Reported by Pavithra Hanchagaiah | Type: packetstorm | Source: packetstormsecurity.com

PHP-Blogger Cross Site Scripting Vulnerabilities

Code
`PHP-Blogger Multiple Cross Site Scripting Vulnerabilities  
  
  
OS2A ID: OS2A_1006 Status:  
14/06/2006 Issue Discovered  
23/06/2006 Reported to the vendor  
(No response on repeated notification)  
07/07/2006 Advisory Released   
  
  
Class: Cross Site Scripting Severity: Medium  
  
  
Overview:  
---------  
PHP-Blogger is a free php script for creating a personal weblog (blog) or photoblog.  
http://www.phpblogger.com  
  
Description:  
------------  
Multiple Cross-site scripting vulnerabilities exist due to input validation  
errors in parameters like name, title, news, description, sitename etc., in   
admin/actions.php.   
  
Successful exploitation requires authentication.   
  
Impact:  
-------  
A remote attacker could inject malicious script code in the victim's browser  
within the security context of the hosting site and also could steal the victim's  
cookie-based authentication credentials.  
  
Affected Software(s):  
---------------------  
PHP-Blogger 2.2.5 (prior versions may also be vulnerable)  
  
Proof of Concept:  
-----------------  
Sample exploits  
  
http://www.yoursite.com/directory_where_you_installed_phpblogger/admin.php?action=new_news  
Vulnerable fields: Title, News  
  
http://www.yoursite.com/directory_where_you_installed_phpblogger/admin.php?action=new_slideshow  
Vulnerable fields: Description  
  
http://www.yoursite.com/directory_where_you_installed_phpblogger/admin.php/admin.php?action=preferences  
http://www.yoursite.com/directory_where_you_installed_phpblogger/admin.php?action=install  
Vulnerable fields: Site name  
  
Insert "<script>alert('XSS Vulnerable');</script>" in the above fields to try the exploit.  
  
Analysis:  
---------  
Vulnerable code in admin/actions.php (example snippet)  
  
$id = getValue("id");  
$title = getValue("title");  
$description = getValue("description");  
$Post = $Blogger->getPost($id);  
$folder = $Post->getDir();  
$Post->setTitle($title);  
$Post->setDescription($description);  
$file = getPostFiles("pic0");  
  
Input passed to many of the parameters in this script is not properly sanitized  
before being used.   
  
CVSS Score Report:  
------------------  
ACCESS_VECTOR = REMOTE  
ACCESS_COMPLEXITY = LOW  
AUTHENTICATION = REQUIRED  
CONFIDENTIALITY_IMPACT = PARTIAL  
INTEGRITY_IMPACT = PARTIAL  
AVAILABILITY_IMPACT = NONE  
IMPACT_BIAS = CONFIDENTIALITY  
EXPLOITABILITY = POC  
REMEDIATION_LEVEL = UNAVAILABLE  
REPORT_CONFIDENCE = CONFIRMED  
CVSS Base Score = 3.1 (AV:R/AC:L/Au:R/C:P/I:P/A:N/B:C)  
CVSS Temporal Score = 2.8  
Risk factor = Medium  
  
Solution:  
---------  
Edit the source code to sanitize the user input values.  
  
Credits:  
--------  
Pavithra Hanchagaiah of OS2A has been credited with the discovery of this   
vulnerability.  
`
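
The fix the Solution section calls for, shown as an added example (not PHP-Blogger code and not from the advisory's author): values are stored as submitted and HTML-encoded at the point of output. `getValue()` is given an assumed signature here, and the `Post` class, its render methods and the sample request are hypothetical, since the page shows none of them.

```php
<?php
declare(strict_types=1);
// Added example, not PHP-Blogger code; all names below are hypothetical stand-ins.

// Read one request parameter as a string; array-valued input is rejected.
function getValue(array $request, string $name): string
{
    $v = $request[$name] ?? '';
    return is_string($v) ? trim($v) : '';
}

// Encode for HTML text and quoted-attribute contexts.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

final class Post
{
    private string $title = '';
    private string $description = '';

    // Store what was submitted; encoding happens where the value is printed.
    public function setTitle(string $t): void { $this->title = $t; }
    public function setDescription(string $d): void { $this->description = $d; }

    // Pattern the advisory describes: stored input echoed back verbatim.
    public function renderUnsafe(): string { return "<h2>{$this->title}</h2>"; }

    // Hardened: every dynamic value passes through e() at output time.
    public function renderSafe(): string
    {
        return '<h2>' . e($this->title) . '</h2>'
             . '<img src="pic0.jpg" alt="' . e($this->description) . '">';
    }
}

// Constructed request using the advisory's own test string.
$request = [
    'title'       => "<script>alert('XSS Vulnerable');</script>",
    'description' => 'Sunset at "the pier"',
];
$post = new Post();
$post->setTitle(getValue($request, 'title'));
$post->setDescription(getValue($request, 'description'));
echo $post->renderUnsafe(), PHP_EOL; // script element reaches the page intact
echo $post->renderSafe(), PHP_EOL;   // markup characters arrive as entities
```

The same encoding applies to each field the advisory lists (name, title, news, description, sitename) wherever it is written into a page.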
