4images Multiple Input Validation Vulnerabilities
BID:51774
Info
4images Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 51774 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-1021 CVE-2012-1022 CVE-2012-1023 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 31 2012 12:00AM |
| Updated: | Feb 09 2012 12:00PM |
| Credit: | RandomStorm |
| Vulnerable: |
4homepages 4images 1.7.10 |
| Not Vulnerable: | |
Discussion
4images Multiple Input Validation Vulnerabilities
4images is prone to multiple input-validation vulnerabilities including:
1. A cross-site scripting vulnerability.
2. An open-redirection vulnerability.
3. An SQL-injection vulnerability.
An attacker may leverage these issues to perform spoofing and phishing attacks, to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
4images 1.7.10 is vulnerable; other versions may also be affected.
4images is prone to multiple input-validation vulnerabilities including:
1. A cross-site scripting vulnerability.
2. An open-redirection vulnerability.
3. An SQL-injection vulnerability.
An attacker may leverage these issues to perform spoofing and phishing attacks, to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
4images 1.7.10 is vulnerable; other versions may also be affected.
Exploit / POC
4images Multiple Input Validation Vulnerabilities
An attacker can exploit these issues with a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim to follow a malicious URI.
The following example URIs are available:
http://www.example.com/admin/categories.php?action=addcat&cat_parent_id=1 (XSS)
http://www.example.com/admin/index.php?__csrf=931086345abbb83f9a70c87dc4719248& action=login&redirect=http://google.com&loginusername=admin&loginpassword=pass
http://www.example.com/admin/categories.php?action=addcat&cat_parent_id=1' (SQL Injection)
An attacker can exploit these issues with a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim to follow a malicious URI.
The following example URIs are available:
http://www.example.com/admin/categories.php?action=addcat&cat_parent_id=1 (XSS)
http://www.example.com/admin/index.php?__csrf=931086345abbb83f9a70c87dc4719248& action=login&redirect=http://google.com&loginusername=admin&loginpassword=pass
http://www.example.com/admin/categories.php?action=addcat&cat_parent_id=1' (SQL Injection)
Solution / Fix
4images Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].