e107 version 2.0 alpha2 suffers from a reflective cross site scripting vulnerability.
Vendor: e107
Vulnerable Version(s): 2.0 alpha2 and probably prior
Tested Version: 2.0 alpha2
Advisory Publication: June 18, 2014 [without technical details]
Vendor Notification: June 18, 2014
Vendor Patch: June 27, 2014
Public Disclosure: July 16, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-4734
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered vulnerability in e107, which can be exploited to perform Cross-Site
Scripting (XSS) attacks.
1) Reflected Cross-Site Scripting (XSS) in e107: CVE-2014-4734
The vulnerability exists due to insufficient sanitization of "type" HTTP GET parameter passed to
"/e107_admin/db.php" script. A remote attacker can trick a logged-in administrator to follow a specially
crafted link and execute arbitrary HTML and scripting code in administrator’s browser.
Using advanced XSS techniques a remote attacker can gain complete access over administrator’s session and perform
arbitrary actions as web application administrator.
The following exploitation example displays JS pop-up with "immuniweb" word when the administrator hits the
"submit" button:
http://[host]/e107_admin/db.php?mode=pref_editor&type=123%27%20onsubmit=%22alert%28%27immuniweb%27%29%3b%22%20a=%27
-----------------------------------------------------------------------------------------------
Solution:
Update e107_admin/db.php file from GitHub.
More Information:
https://github.com/e107inc/e107/commit/f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1
https://github.com/e107inc/e107/commit/e3088a877f94ac465555173e28b2f7f4a4f6d5e8
# 0day.today [2018-01-08] #