Simple Directory Listing Cross Site Scripting

2009-10-12T00:00:00
ID PACKETSTORM:81932
Type packetstorm
Reporter Amol Naik
Modified 2009-10-12T00:00:00

Description

## Security Advisory : Cross-Site Scripting flaw in Simple Directory Listing ##  
Discovered by ==> Amol Naik (amolnaik4_at_gmail_dot_com)  
  
## Overview ##  
--------------  
Quote from http://simpledirectorylisting.net/ :  
"Simple Directory Listing is a single file php script which functions as  
directory listing in an apache http server. It provides many useful  
functions like copy, delete, read/write, etc.". There are 21,739,293  
downloads from sourceforge.net.  
  
  
## Vulnerability Description ##  
-----------------  
Simple Directory Listing is vulnerable to Cross-Site Scripting, allowing  
injection of malicious code in the context of the application.  
  
  
  
## Technical Details ##  
-------------  
Vulnerable Product : Simple Directory Listing 2.1_beta1  
Download :  
http://sourceforge.net/projects/simpledirectory/files/simpledirectorylisting/SDL2.1_beta1/SDL2.1_beta1.zip/download  
Vulnerability Type : Cross-Site Scripting (XSS)  
Affected page : SDL2.php  
Vulnerable parameters : cwdRelPath  
  
  
  
## Timeline ##  
--------------  
Bug Discovered : October 3rd, 2009  
Informed Vendor : October 3rd, 2009, but no response received to date.  
  
  
## Proof of concept ##  
----------------------  
  
http://localhost/simpledirectorylisting/SDL2.php?cwdRelPath='><script>alert(1)</script>  
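
How the reflected value can be neutralised on output, shown as an added example that is not code from SDL2.php or from the advisory. The leading `'>` in the proof of concept suggests cwdRelPath is echoed inside a single-quoted HTML attribute; that context, the function names and the markup below are assumptions.

```php
<?php
// Added illustration; not taken from SDL2.php. Function names and the
// <input> markup are hypothetical.

// Unsafe pattern (assumed): the request value is concatenated into a
// single-quoted attribute, so a quote in the value ends the attribute.
function render_unsafe(string $cwdRelPath): string
{
    return "<input type='hidden' name='cwdRelPath' value='" . $cwdRelPath . "'>";
}

// Hardened: encode for the HTML attribute context. ENT_QUOTES is required
// here because the default flags before PHP 8.1 (ENT_COMPAT) leave the
// single quote unencoded.
function render_safe(string $cwdRelPath): string
{
    $encoded = htmlspecialchars($cwdRelPath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='hidden' name='cwdRelPath' value='" . $encoded . "'>";
}

// Defence in depth: a relative directory path has no need for markup
// characters or control bytes, so reject them before the value is used.
function is_plausible_rel_path(string $p): bool
{
    return preg_match('/[<>"\'\x00-\x1f]/', $p) === 0;
}

// Constructed sample inputs: a normal path and the advisory's test string.
$samples = ['docs/reports', "'><script>alert(1)</script>"];
foreach ($samples as $value) {
    echo 'plausible path: ', var_export(is_plausible_rel_path($value), true), "\n";
    echo 'unsafe: ', render_unsafe($value), "\n";
    echo 'safe:   ', render_safe($value), "\n\n";
}
```

The output encoding is the fix; the character check only narrows what reaches it and should not be relied on alone.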