PHPGroupWare Index.PHP HTML Injection Vulnerability
BID:12082
Info
PHPGroupWare Index.PHP HTML Injection Vulnerability
| Bugtraq ID: | 12082 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 27 2004 12:00AM |
| Updated: | Jan 27 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Cedric Cochin <[email protected]>. |
| Vulnerable: |
PHPGroupWare PHPGroupWare 0.9.14 .005 PHPGroupWare PHPGroupWare 0.9.14 .003 PHPGroupWare PHPGroupWare 0.9.13 PHPGroupWare PHPGroupWare 0.9.12 |
| Not Vulnerable: |
PHPGroupWare PHPGroupWare 0.9.16 RC3 |
Discussion
PHPGroupWare Index.PHP HTML Injection Vulnerability
PhpGroupWare is reported to be susceptible to a HTML injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input.
The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user.
PhpGroupWare is reported to be susceptible to a HTML injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input.
The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user.
Exploit / POC
PHPGroupWare Index.PHP HTML Injection Vulnerability
No exploit is required, the following example is available.
http://[target]/[phpgroupware_directory]/index.php?menuaction=calendar.uicalendar.planner
POST DATA: date="><script>alert(document.cookie)</script>
No exploit is required, the following example is available.
http://[target]/[phpgroupware_directory]/index.php?menuaction=calendar.uicalendar.planner
POST DATA: date="><script>alert(document.cookie)</script>
Solution / Fix
PHPGroupWare Index.PHP HTML Injection Vulnerability
Solution:
This issue has reportedly been addressed in phpGroupWare 0.9.16RC3 and later.
PHPGroupWare PHPGroupWare 0.9.12
PHPGroupWare PHPGroupWare 0.9.13
PHPGroupWare PHPGroupWare 0.9.14 .003
PHPGroupWare PHPGroupWare 0.9.14 .005
Solution:
This issue has reportedly been addressed in phpGroupWare 0.9.16RC3 and later.
PHPGroupWare PHPGroupWare 0.9.12
-
PHPGroupWare phpgroupware-0.9.16.003.tar.gz
http://downloads.phpgroupware.org/files/0.9.16-release/phpgroupware-0. 9.16.003.tar.gz
PHPGroupWare PHPGroupWare 0.9.13
-
PHPGroupWare phpgroupware-0.9.16.003.tar.gz
http://downloads.phpgroupware.org/files/0.9.16-release/phpgroupware-0. 9.16.003.tar.gz
PHPGroupWare PHPGroupWare 0.9.14 .003
-
PHPGroupWare phpgroupware-0.9.16.003.tar.gz
http://downloads.phpgroupware.org/files/0.9.16-release/phpgroupware-0. 9.16.003.tar.gz
PHPGroupWare PHPGroupWare 0.9.14 .005
-
PHPGroupWare phpgroupware-0.9.16.003.tar.gz
http://downloads.phpgroupware.org/files/0.9.16-release/phpgroupware-0. 9.16.003.tar.gz
References
PHPGroupWare Index.PHP HTML Injection Vulnerability
References:
References:
- bug #7478 overview: Multiple security holes in last versions of phpgroupware (phpGroupWare)
- PHPGroupWare Homepage (PHPGroupWare)