PAFileDB ID Parameter Cross-Site Scripting Vulnerability
BID:12952
Info
| Bugtraq ID: | 12952 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0951, CVE-2005-0952 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 31 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery is credited to Diabolic Crab <[email protected]>. SecurityReason <[email protected]> may also have independently discovered this issue. |
| Vulnerable: | PHP Arena paFileDB 3.1; PHP Arena paFileDB 3.0 Beta 3.1; PHP Arena paFileDB 3.0; PHP Arena paFileDB 2.1.1; PHP Arena paFileDB 1.1.3 |
| Not Vulnerable: | |
Discussion
paFileDB is reported prone to a cross-site scripting vulnerability.
The vulnerability presents itself when an attacker supplies malicious HTML and script code through the 'id' parameter.
This may allow for theft of cookie-based authentication credentials or other attacks.
paFileDB 3.1 and prior versions are affected by this vulnerability.
This issue may be related to BID 12788 (PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities) and BID 12758 (PHP Arena PAFileDB Multiple Remote Cross Site Scripting Vulnerabilities). This BID will be retired or updated upon further analysis.
Exploit / POC
An exploit is not required.
The following proof of concept is available:
http://www.example.com/pafiledb/pafiledb.php?action=file&id=%22%3E%20%20%3Cscript%3Ealert(document.cookie)%3C/script%3E
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
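With no vendor patch listed, one compensating step is to review web server logs for pafiledb.php requests whose 'id' value carries markup. The Python sketch below is an added example, not part of the original advisory or of paFileDB; it assumes combined-format access logs and that a legitimate 'id' is a decimal number, and its sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed combined-format log lines (not real traffic). The second line
# carries the advisory's proof-of-concept request.
SAMPLE_LOG = """\
192.0.2.10 - - [31/Mar/2005:10:00:01 +0000] "GET /pafiledb/pafiledb.php?action=file&id=12 HTTP/1.1" 200 5120
192.0.2.44 - - [31/Mar/2005:10:00:07 +0000] "GET /pafiledb/pafiledb.php?action=file&id=%22%3E%20%20%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5342
192.0.2.51 - - [31/Mar/2005:10:00:15 +0000] "GET /pafiledb/pafiledb.php?action=file&id=%2522%253Cb%253E HTTP/1.1" 200 5200
192.0.2.10 - - [31/Mar/2005:10:00:20 +0000] "GET /index.php?id=%3Cb%3E HTTP/1.1" 200 100
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC = re.compile(r"[0-9]+")   # assumption: a valid id is a decimal number
MARKUP = re.compile(r"[<>\"']")   # characters that can break out of HTML context


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_id_requests(log_text):
    """Return (client, decoded_id, reason) for pafiledb.php hits with a non-numeric id."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/pafiledb.php"):
            continue  # only the script named in the advisory
        for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if NUMERIC.fullmatch(raw):
                continue
            value = fully_decode(raw)
            reason = "markup" if MARKUP.search(value) else "non-numeric"
            findings.append((line.split()[0], value, reason))
    return findings


if __name__ == "__main__":
    for finding in suspicious_id_requests(SAMPLE_LOG):
        print(finding)
```

Any "markup" finding is worth correlating with the referrer and the session of the user who followed the link, since the request has to be made by the victim's browser for the script to run.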