ImageFolio Input Validation Flaw Allows Remote Users to Conduct Cross-Site Scripting Attacks

SecurityTracker Alert ID: 1005681
SecurityTracker URL: http://securitytracker.com/id/1005681
CVE Reference: CVE-2002-1334
Updated: Jun 3 2008
Original Entry Date: Nov 22 2002
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): 3.0.1 and prior versions

Description:
An input validation vulnerability was reported in BizDesign's ImageFolio image gallery display and commerce software. A remote user can conduct cross-site scripting attacks.
A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running ImageFolio and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies) associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
The flaw exists in various parameters of the 'nph-build.cgi' admin script and the 'imageFolio.cgi' script and possibly in other scripts.
A demonstration exploit URL string is provided:
/cgi-bin/imageFolio.cgi?direct=<script>alert("SecurityHole")</script>
The vendor was notified in June 2002.
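
An added example, not part of the advisory or of ImageFolio: a Python check that scans web server access logs for requests carrying markup in parameters of the two scripts named above, such as the demonstration URL. The log lines are constructed, and the markup pattern and the decoding depth are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Scripts named in the advisory (other ImageFolio scripts may also be affected).
SCRIPTS = ("imagefolio.cgi", "nph-build.cgi")
# Heuristic (assumption): an HTML tag opener, a javascript: URI or an event handler.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|javascript:|\bon\w+\s*=", re.I)
# Request field of a Common/Combined Log Format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Strip up to `rounds` extra layers of percent-encoding."""
    for _ in range(rounds):
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value = nxt
    return value

def suspicious_params(log_line):
    """Return [(name, decoded_value)] for markup sent to the affected scripts."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(SCRIPTS):
        return []
    return [(name, decode(value))
            for name, value in parse_qsl(url.query, keep_blank_values=True)
            if MARKUP.search(decode(value))]

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Nov/2002:00:10:24 -0500] '
    '"GET /cgi-bin/imageFolio.cgi?direct=Nature HTTP/1.0" 200 5120',
    '192.0.2.44 - - [22/Nov/2002:00:11:02 -0500] '
    '"GET /cgi-bin/imageFolio.cgi?direct=%3Cscript%3Ealert(%22SecurityHole%22)'
    '%3C/script%3E HTTP/1.0" 200 4911',
    '192.0.2.44 - - [22/Nov/2002:00:11:09 -0500] '
    '"GET /cgi-bin/imageFolio.cgi?direct=%253Cscript%253Ealert(1)%253C/script%253E'
    ' HTTP/1.0" 200 4897',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in suspicious_params(line):
            print(f"reflected-XSS probe: {name}={value!r}")
```

Access logs record only the query string, so markup submitted in a POST body to either script will not appear in this check.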

Impact:
A remote user can access the target user's cookies (including authentication cookies) associated with the site running ImageFolio, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:
The vendor has released a fixed version (IF Pro 3.1).

Vendor URL: www.imagefolio.com/

Cause:
Input validation error

Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)

Message History:
None.

Source Message Contents

Date: Fri, 22 Nov 2002 00:10:24 -0500
Subject: Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software
[Date]
November 22, 2002
[Title]
Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software
[Vendor]
BizDesign
[Product]
ImageFolio
[URL]
http://www.imagefolio.com/
[Description]
An input validation vulnerability exists in ImageFolio version 3.0.1 and
prior versions. A remote user can conduct cross-site scripting attacks.
The flaw exists in the 'nph-build.cgi' admin script and in the 'imageFolio.cgi'
script (and possibly others).
A demonstration exploit is provided:
/cgi-bin/imageFolio.cgi?direct=<script>alert("SecurityHole")</script>
This vulnerability can be exploited to steal a user's or administrator's
authentication cookies.
[Vendor Notification]
Jun 9, 2002 - BizDesign (the vendor) was notified and responded that the pending
version 3.0 will contain a fix.
Aug 23, 2002 - Version 3.0 was released without a fix.
Sep 16, 2002 - Version 3.0.1 was released without a fix.
Nov 13, 2002 - Vendor was reminded and responded that the bug will be fixed in
version 3.1, to be released in the beginning of the week of November 18.
Nov 22, 2002 - At the time of this report, the fixed version had not been posted
to the vendor's web site.
[Credit]
This flaw was discovered by SecurityTracker.com (http://securitytracker.com/)
after investigating a June 9, 2002 post by ET from LoWNOISE to the vuln-dev list:
http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0939.html
For more information, contact SecurityTracker at info@securitytracker.com