PHPSysInfo Multiple Cross-Site Scripting Vulnerabilities
BID:12887
Info
| Bugtraq ID: | 12887 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0870 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery of this vulnerability is credited to Maksymilian Arciemowicz <[email protected]>. |
| Vulnerable: | phpSysInfo 2.3; phpSysInfo 2.0; MandrakeSoft Corporate Server 3.0 (including x86_64); eGroupWare 1.0.0.007; DigitalHive 2.0; Debian Linux 3.1 (alpha, amd64, arm, hppa, ia-32, ia-64, m68k, mips, mipsel, ppc, s/390, sparc); Debian Linux 3.0 (alpha, arm, hppa, ia-32, ia-64, m68k, mips, mipsel, ppc, s/390, sparc) |
| Not Vulnerable: | |
Discussion
phpSysInfo is affected by multiple reflected cross-site scripting vulnerabilities. The application fails to sanitize or encode user-supplied input before embedding it in the HTML it generates: the sensor_program parameter of index.php and the text[language], text[template] and VERSION parameters of includes/system_footer.php are all reflected unfiltered. Because system_footer.php sits under the web root and can be requested directly, the include file itself is a reachable entry point, not just index.php.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user who follows a crafted link to an affected installation. This may facilitate the theft of cookie-based authentication credentials as well as other attacks carried out in the victim's session. Products that bundle phpSysInfo, such as eGroupWare 1.0.0.007 and DigitalHive 2.0, are affected through the bundled copy.
Exploit / POC
No exploit is required; the issues are triggered by a single crafted GET request.
The following proof of concepts are available ([XSS] stands for the attacker's script payload; the leading "> in the system_footer.php cases closes the HTML attribute the value is reflected into before the payload is injected):
http://www.example.com/[phpSysInfo]/index.php?sensor_program=[XSS]
http://www.example.com/[phpSysInfo]/includes/system_footer.php?text[language]=">[XSS]
http://www.example.com/[phpSysInfo]/includes/system_footer.php?text[template]=">[XSS]
http://www.example.com/[phpSysInfo]/includes/system_footer.php?hide_picklist=cXIb8O3&VERSION=[XSS]
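The following reflection check is an added example for the Discussion and the proof-of-concept URLs above; it is not code from the advisory, from phpSysInfo or from the Debian packages. It rebuilds the four proof-of-concept requests with a random, harmless canary in place of a script payload and classifies how a response body reflects that canary, which is the check an administrator wants after deploying a patch: "raw" means the input still reaches the HTML unencoded, "encoded" means output encoding is in place. The parameter names, the "> prefixes and the hide_picklist=cXIb8O3 value are taken from the advisory; the base URL http://www.example.com/phpSysInfo, the canary format and the sample response bodies are assumptions constructed for the offline self-check. Only probe() touches the network and it is not exercised by the self-check.

```python
"""Reflection check for the phpSysInfo XSS parameters in this advisory.

Added example; not code from the advisory, phpSysInfo or Debian. Builds the
four proof-of-concept URLs with a harmless random canary instead of a script
payload and classifies how a response body reflects that canary:

  raw      - canary (with its attribute-breaking prefix) appears verbatim:
             user input reaches the HTML unencoded, the install is affected
  encoded  - canary appears only with < > escaped as entities: output
             encoding is in place
  stripped - the marker text survives but its angle brackets were removed
  absent   - the canary is not reflected at all
"""
import html
import re
import secrets
from urllib.parse import quote, urljoin
from urllib.request import Request, urlopen

# Injection points taken from the advisory's proof-of-concept URLs:
# (script path, parameter name, prefix the PoC uses to break out of the
# surrounding HTML attribute). The hide_picklist value is carried over
# verbatim from the PoC for the VERSION case.
INJECTION_POINTS = [
    ("index.php", "sensor_program", ""),
    ("includes/system_footer.php", "text[language]", '">'),
    ("includes/system_footer.php", "text[template]", '">'),
    ("includes/system_footer.php", "VERSION", ""),
]
EXTRA_QUERY = {"VERSION": "hide_picklist=cXIb8O3&"}


def make_canary() -> str:
    """Random tag-shaped marker: harmless, but unambiguous when reflected raw."""
    return f"<xss{secrets.token_hex(4)}>"


def build_probe_urls(base_url: str, canary: str) -> list:
    """Return (url, parameter) pairs for each injection point under base_url."""
    root = base_url.rstrip("/") + "/"
    urls = []
    for path, param, prefix in INJECTION_POINTS:
        # Keep the brackets of text[...] readable, percent-encode the payload.
        query = f"{quote(param, safe='[]')}={quote(prefix + canary, safe='')}"
        query = EXTRA_QUERY.get(param, "") + query
        urls.append((f"{urljoin(root, path)}?{query}", param))
    return urls


_ENTITY_LT = r"(?:&lt;|&#0*60;|&#x0*3c;)"
_ENTITY_GT = r"(?:&gt;|&#0*62;|&#x0*3e;)"


def classify_reflection(body: str, canary: str) -> str:
    """Classify how body reflects canary: raw / encoded / stripped / absent."""
    if canary in body:
        return "raw"
    inner = canary.strip("<>")
    encoded = re.compile(_ENTITY_LT + re.escape(inner) + _ENTITY_GT, re.I)
    if encoded.search(body):
        return "encoded"
    if inner in body:
        return "stripped"
    return "absent"


def probe(base_url: str, timeout: float = 10.0) -> dict:
    """Live check: GET each PoC URL and classify the reflection per parameter.
    Only run this against hosts you are authorised to test."""
    canary = make_canary()
    results = {}
    for url, param in build_probe_urls(base_url, canary):
        req = Request(url, headers={"User-Agent": "phpsysinfo-xss-check"})
        with urlopen(req, timeout=timeout) as resp:
            charset = resp.headers.get_content_charset() or "utf-8"
            body = resp.read().decode(charset, errors="replace")
        results[param] = classify_reflection(body, canary)
    return results


# --- constructed sample responses for an offline self-check -----------------
CANARY = "<xssdeadbeef>"
# system_footer.php echoing text[language] into a hidden field unencoded:
VULNERABLE_FOOTER = (
    '<form><input type="hidden" name="text[language]" value="'
    + '">' + CANARY + '"></form>'
)
# the same page after htmlspecialchars()-style encoding of the value:
FIXED_FOOTER = (
    '<form><input type="hidden" name="text[language]" value="'
    + html.escape('">' + CANARY, quote=True) + '"></form>'
)


def self_check() -> dict:
    """Classify the constructed bodies; the live probe is not exercised here."""
    return {
        "vulnerable": classify_reflection(VULNERABLE_FOOTER, CANARY),
        "fixed": classify_reflection(FIXED_FOOTER, CANARY),
        "stripped": classify_reflection("<p>xssdeadbeef</p>", CANARY),
        "absent": classify_reflection("<html></html>", CANARY),
    }


if __name__ == "__main__":
    for url, param in build_probe_urls("http://www.example.com/phpSysInfo", CANARY):
        print(param, "->", url)
    print(self_check())
```

A "stripped" or "absent" result is not proof of a fix: a page may drop the tag but still reflect other characters into a script or attribute context, so "encoded" on every parameter is the result to look for after updating.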
Solution / Fix
Solution:
Please see the referenced advisories for more information.
Debian has released updated packages for eGroupWare 1.0.0.007 on Debian GNU/Linux 3.1 (sarge) and for phpSysInfo 2.0 on Debian GNU/Linux 3.0 (woody). Note that upstream phpSysInfo 2.3 is itself listed as vulnerable and no fixed upstream release is referenced, so the patched Debian package revision, not the upstream version number, is what to check for. DigitalHive 2.0, which also bundles phpSysInfo, is listed as vulnerable with no fix referenced here.
eGroupWare 1.0.0.007 (Debian GNU/Linux 3.1 alias sarge):
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-comic_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-email_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-forum_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ftp_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-fudforum_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-headlines_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-jinn_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ldap_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-messenger_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpldapadmin_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projects_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-stocks_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tts_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.0.0.007-2.dfsg-2sarge4_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge4_all.deb
phpSysInfo 2.3 / 2.0 (Debian GNU/Linux 3.0 alias woody, patched phpsysinfo_2.0-3woody2_all.deb):
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody2_all.deb
References
References:
- PHPSysInfo (PHP SysInfo)
- [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11 (Maksymilian Arciemowicz)