iScripts SocialWare Arbitrary File Upload and Cross Site Scripting Vulnerabilities
BID:39787
Info
| Bugtraq ID: | 39787 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 29 2010 12:00AM |
| Updated: | May 10 2010 07:02PM |
| Credit: | Sid3^effects |
| Vulnerable: | iScripts SocialWare 2.2 |
| Not Vulnerable: | |
Discussion
iScripts SocialWare is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue. These issues occur because the application fails to sufficiently sanitize user-supplied input.
Attackers can exploit these issues to steal cookie information, execute arbitrary client-side scripts in the context of the browser, upload and execute arbitrary files in the context of the webserver, and launch other attacks.
These issues affect iScripts SocialWare 2.2; other versions may also be affected.
Exploit / POC
Attackers may exploit these issues through a browser. To exploit a cross-site scripting vulnerability, an attacker must convince an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Updates are available; please contact the vendor for more information.
iScripts SocialWare 2.2
- iScripts socialware_patch.zip: http://www.iscripts.com/patches/socialware_patch.zip
References
References:
- Download Patches (iScripts)
- iScripts SocialWare Homepage (iScripts)