Computer Security

Security Advisory: Cross-site Scripting and CSRF in TorrentTrader Classic v1.08
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [DSECRG-08-017] Flyspray 0.9.9.4 Multiple Security Vulnerabilities

  XSS in XP Book version 3.0

  kcwiki 1.0 multiple remote file inclusion vulnerabilities.

  Dynamic photo gallery V1.02 SQL Injection

From:Valery Marchuk <tecklord_(at)_securitylab.ru>
Date:03.03.2008
Subject:Cross-site Scripting and CSRF in TorrentTrader Classic v1.08

Cross-site Scripting and CSRF in TorrentTrader Classic v1.08

Application: TorrentTrader Classic v1.08, possible other versions.

Vendor URL:
http://sourceforge.net/project/showfiles.php?group_id=98584&package_id=180927
1.

1. Input passed to the msg property of account-inbox.php is not properly
sanitized before being displayed to the user. A malicious authenticated user
can execute arbitrary HTML and scripting code in a user's browser session in
context of an affected web site.
Example:
http://[host]/account-inbox.php?msg=<script>alert(document.
co­okie)</script>&receiver=<username>

2. The application allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the request.  A malicious
person can perform a CSRF attack.
Example:
http://[host]/account-inbox.
php?msg=<message>&receiver=<username>

Vulnerability #1 was discovered by Dominus.
Original URL: http://www.securitylab.ru/vulnerability/347887.php

BR,
Valery Marchuk
www.SecurityLab.ru

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru