Wednesday, February 20, 2013

HTB23142: glFusion 1.2.2 cross-site scripting (XSS) vulnerabilities


Multiple cross-site scripting (XSS) vulnerabilities in glFusion version 1.2.2 were discovered by High-Tech Bridge Security Research Lab. They can be exploited to perform cross-site scripting attacks.

According to the HTB23142 security advisory, glFusion installs by default a "bad_behaviour" plugin that verifies the HTTP Referer header (aimed at protecting against spambots). The plugin also makes reflected XSS attacks against the application more complex. To bypass this security restriction, the PoC (Proof-of-Concept) codes in the advisory for vulnerabilities 1–3 modify the HTTP Referer header.

The vulnerabilities exist due to insufficient filtering of user-supplied data in: 1) the "subject" HTTP POST parameter passed to the "/profiles.php" script; 2) the "address1", "address2", "calendar_type", "city", "state", "title", "url" and "zipcode" HTTP POST parameters passed to the "/calendar/index.php" script; 3) the "title" and "url" HTTP POST parameters passed to the "/links/index.php" script; 4) the URI after the "/admin/plugins/mediagallery/xppubwiz.php" script.

Solution status: the vulnerabilities are now fixed. Upgrade to glFusion v1.2.2 Patch Level #4 (v1.2.2.pl4). More info: glfusion.org/article.php/glf122_update_20130130_01
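
For the input points listed above, the durable fix is context-aware output encoding rather than a Referer check. The PHP below is an added example, not glFusion's code or its patch: every function name is hypothetical, the field names "title" and "url" come from item 3, and the item 4 handling assumes the script echoes its own address back into the page.

```php
<?php
// Added illustration, not glFusion code. All function names are hypothetical.

// Read one request field as a string; array-valued input (title[]=x) becomes ''.
function field(array $src, string $name): string
{
    $v = $src[$name] ?? '';
    return is_string($v) ? $v : '';
}

// Encode a value for HTML text or a quoted attribute.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs; other schemes (javascript:, data:) are dropped.
function safe_url(string $value): string
{
    $value  = trim($value);
    $scheme = parse_url($value, PHP_URL_SCHEME);
    $ok     = is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true);
    return $ok ? $value : '';
}

// Item 3: render a link entry from the "title" and "url" POST fields.
function render_link(array $post): string
{
    $title = esc_html(field($post, 'title'));
    $url   = safe_url(field($post, 'url'));
    return $url === ''
        ? '<span>' . $title . '</span>'
        : '<a href="' . esc_html($url) . '">' . $title . '</a>';
}

// Item 4: text after the script name in the URI is user input as well.
// Assumption: the page echoes its own address, e.g. in a form action.
// SCRIPT_NAME excludes the trailing path text that PHP_SELF carries.
function form_action(array $server): string
{
    return esc_html(field($server, 'SCRIPT_NAME'));
}

// Constructed sample input: markup in the title, a non-http scheme in the URL.
$post = ['title' => '"><b>t</b>', 'url' => 'javascript:void(0)'];
echo render_link($post), "\n";
echo render_link(['title' => 'Docs', 'url' => 'https://example.org/?a=1&b=2']), "\n";
echo '<form action="', form_action(['SCRIPT_NAME' => '/xppubwiz.php']), '">', "\n";
```

Encoding alone does not neutralise a value placed in an href, which is why the "url" field also gets a scheme allowlist.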
