[MajorSecurity #10]i.List <= 1.5 - XSS

2006-06-09T00:00:00
ID SECURITYVULNS:DOC:13046
Type securityvulns
Reporter Securityvulns
Modified 2006-06-09T00:00:00

Description

[MajorSecurity #10]i.List <= 1.5 - XSS

Software: i.List

Version: <=1.5

Type: XSS

Date: June, 8th 2006

Vendor: Skoom

Page: http://skoom.de

Credits:

David 'Aesthetico' Vieira-Kurz

http://www.majorsecurity.de

Affected Products:

i.List 1.5 and prior

Description:

i.List is a php/mysql TOPLIST script.

Requirements:

register_globals = On

Vulnerability:

Input passed to the Inputbox in "search.php", the 'URL' inputbox and 'ButtonURL' in "add.php" is not properly filtered and verified, before it is used. This can be exploited to execute evil XSS-code.

Solution:

Edit the source code to ensure that input is properly sanitised. Set "register_globals" to "Off".

Exploitation:

In the inputbox of /search.php: Search for: <script>alert("MajorSecurity")</script>

In the inputbox 'URL' of add.php: Type in as URL: <script>alert("MajorSecurity")</script>

In the inputbox 'ButtonURL' of add.php: Type in as URL: <script>alert("MajorSecurity")</script>