Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software

From: Stuart Moore (smoore.bugtraq@securityglobal.net)
Date: 11/27/02

    Date: Wed, 27 Nov 2002 08:52:43 -0500
    From: Stuart Moore <smoore.bugtraq@securityglobal.net>
    To: bugtraq@securityfocus.com
    
    

    [Alert URL]

      http://www.securitytracker.com/alerts/2002/Nov/1005681.html

    [Date]

      November 27, 2002

    [Title]

      Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software

    [Vendor]

      BizDesign

    [Product]

      ImageFolio

    [URL]

      http://www.imagefolio.com/

    [Description]

      An input validation vulnerability exists in ImageFolio version 3.0.1 and
      prior versions. A remote user can conduct cross-site scripting attacks.

      The flaw exists in various parameters of the 'nph-build.cgi' admin script
      and the 'imageFolio.cgi' script (and possibly others).

      A demonstration exploit is provided:

      /cgi-bin/imageFolio.cgi?direct=<script>alert("SecurityHole")</script>

      /cgi-bin/if/admin/nph-build.cgi?step=<script>alert("SecurityHole")</script>

      This vulnerability can be exploited to steal a user's or administrator's
      authentication cookies.

    [Vendor Notification]

      Jun 9, 2002 - BizDesign (the vendor) was notified and responded that the pending
                     version 3.0 will contain a fix.
      Aug 23, 2002 - Version 3.0 was released without a fix.
      Sep 16, 2002 - Version 3.0.1 was released without a fix.
      Nov 13, 2002 - Vendor was reminded and responded that the bug will be fixed in
                     version 3.1, to be released in the beginning of the week of November 18.
      Nov 27, 2002 - At the time of this report, the fixed version had not been posted
                     to the vendor's web site.

    [CVE]

      CAN-2002-1334

    [Credit]

      This flaw was discovered by SecurityTracker.com (http://securitytracker.com/)
      after investigating a June 9, 2002 post by ET from LoWNOISE to the vuln-dev list:

      http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0939.html

      For more information, contact SecurityTracker at info@securitytracker.com
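
A log check for the two request patterns described in this advisory, as an added example that is not part of the original advisory or of ImageFolio: it flags requests to the named scripts whose query parameters decode to HTML markup, including double percent-encoded values. The Apache Common Log Format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts named in the advisory. Matching on the file name only is an
# assumption, so installs under a different CGI directory are still covered.
AFFECTED = ("imagefolio.cgi", "nph-build.cgi")
# Characters that should never reach an HTML page unescaped.
MARKUP = re.compile(r'[<>"]')
# Request field of a Common Log Format line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(line):
    """Return [(param, decoded_value)] for markup sent to an affected script."""
    match = REQUEST.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith(AFFECTED):
        return []
    pairs = parse_qsl(url.query, keep_blank_values=True)  # decodes once
    decoded = [(name, decode_fully(value)) for name, value in pairs]
    return [(name, value) for name, value in decoded if MARKUP.search(value)]

def scan(lines):
    """Return [(line_number, param, decoded_value)] over a whole log."""
    return [(n, p, v) for n, line in enumerate(lines, 1)
            for p, v in suspicious_params(line)]

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '192.0.2.10 - - [27/Nov/2002:09:01:12 -0500] "GET /cgi-bin/imageFolio.cgi?direct=Vacation/2002 HTTP/1.0" 200 5120',
    '198.51.100.7 - - [27/Nov/2002:09:03:40 -0500] "GET /cgi-bin/imageFolio.cgi?direct=%3Cscript%3Ealert(%22SecurityHole%22)%3C/script%3E HTTP/1.0" 200 4875',
    '198.51.100.7 - - [27/Nov/2002:09:04:02 -0500] "GET /cgi-bin/if/admin/nph-build.cgi?step=%253Cscript%253Ealert(%2522SecurityHole%2522)%253C/script%253E HTTP/1.0" 200 912',
    '192.0.2.10 - - [27/Nov/2002:09:05:00 -0500] "GET /index.html?q=%3Cb%3E HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for lineno, param, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: parameter {param!r} carries markup: {value!r}")
```

A hit only shows that markup was sent to an affected script; whether the page reflected it unescaped depends on the installed version.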


