Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18389
HistoryNov 12, 2007 - 12:00 a.m.

Eggblog v3.1.0 XSS Vulnerability

2007-11-1200:00:00
vulners.com
22
JSON

H - Security Labs
Eggblog v3.1.0 Security Advisory
ID : HSEC#20071111
General Information

Name : EggBlog v.3.1.0
Vendor HomePage :http://sourceforge.net/projects/eggblog/
Platforms : PHP && MySQL
Vulnerability Type : Input Validation Error

Timeline

08 October 2007 – Vendor Contacted
30 October 2007 – Vendor Replied
11 November 2007 – New Release
11 November 2007 – Advisory Released

What is Eggblog

eggblog is a free PHP & MySQL blogging package. Features include an internal search engine,

photo albums, forums, plug-ins, guest comments to blog articles, automatic monthly archiving

of blog articles and RSS XML feeds for both the blog and forums.
I discovered the security holes when I was testing it for my personel web blog.

Vulnerability Overview

The script is vulnerable to XSS attacks.

Details About Vulnerability

XSS Vulnerability(home/rss.php)

At the rss.php line 6-7; there are unfiltered PHP_SELFs that can be used for XSS attacks.

<a

href=\"…/rss/blog.php\">".$_SERVER['SERVER_NAME'].str_replace("/home/rss.php","",$_SERVER['

PHP_SELF'])."/rss/blog.php</a></li>
<a

href=\"…/rss/topics.php\">".$_SERVER['SERVER_NAME'].str_replace("/home/rss.php","",$_SERVER

['PHP_SELF'])."/rss/topics.php</a></li>

The attacker can succesfully launch XSS attacks with loading payload on to the URL after the

home\rss.php. For example :
http://www.example.com/home/rss.php/&lt;script&gt;alert&#40;1&#41;&lt;/script&gt;

Solutions

Download the new release : EggBlog v3.1.1

Credits

The vulnerabilities found on 08 October 2007
by Mesut Timur <[email protected]>
H - Security Labs , http://www.h-labs.org
Gebze Institue of Technology,Computer Engineering,http://www.gyte.edu.tr

References

http://sourceforge.net/forum/forum.php?forum_id=753622
http://www.eggblog.net
http://sourceforge.net/projects/eggblog/
Original Advisory : http://www.h-labs.org/blog/2007/11/11/eggblog_v3_1_0_xss_issues.html

Mesut TIMUR
http://www.h-labs.org
H - Security Labs Gьvenlik Editцrь
GYTE Bilgisayar Mьhendisligi

JSON