[Tickets #9191] XSS Vulnerability
bugs at horde.org
Sat Aug 21 14:20:22 UTC 2010
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/9191
------------------------------------------------------------------------------
Ticket | 9191
Created By | nightmare.lmw at anarchynet.org
Summary | XSS Vulnerability
Queue | Gollem
Version | 1.1.1
Type | Bug
State | Unconfirmed
Priority | 3. High
Milestone |
Patch | 1
Owners |
+New Attachment | view.php.patched
------------------------------------------------------------------------------
nightmare.lmw at anarchynet.org (2010-08-21 10:20) wrote:
I have found a Cross Site Scripting vulnerability in Gollem.
Exploit:
http://localhost/horde/gollem/view.php?actionID=view_file&type=txt&file=<script>alert("XSS")</script>&dir=../baddir/&driver=file
Vulnerable file: view.php (lines 32 - 46)
Vulnerable code:
if (is_callable(array($GLOBALS['gollem_vfs'], 'readStream'))) {
    $stream = $GLOBALS['gollem_vfs']->readStream($filedir, $filename);
    if (is_a($stream, 'PEAR_Error')) {
        Horde::logMessage($stream, __FILE__, __LINE__, PEAR_LOG_NOTICE);
        // $filename comes from the request and is written to the page unescaped
        printf(_("Access denied to %s"), $filename);
        exit;
    }
} else {
    $data = $GLOBALS['gollem_vfs']->read($filedir, $filename);
    if (is_a($data, 'PEAR_Error')) {
        Horde::logMessage($data, __FILE__, __LINE__, PEAR_LOG_NOTICE);
        // same unescaped output in the non-stream branch
        printf(_("Access denied to %s"), $filename);
        exit;
    }
}
I hope you fix the vulnerability asap. Patch attached.
Have a nice day.
Nicolas C. [NightMareLmW From DevSec]
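The defect in the report is that the request-supplied filename is written into the HTML error message without output encoding. The following is an added example, not code from the Gollem project or from the attached patch: it places the unencoded message from the snippet above beside an HTML-encoded version, using a constructed filename. The function names and the sample value are illustrative assumptions.

```php
<?php
// Added example (not Horde/Gollem code): unencoded versus HTML-encoded
// rendering of the "Access denied" message. Function names are illustrative.

/**
 * Unencoded form, as in the reported snippet: the request-controlled
 * filename is placed directly into the HTML response, so any markup it
 * contains is interpreted by the browser.
 */
function renderAccessDeniedUnsafe(string $filename): string
{
    return sprintf("Access denied to %s", $filename);
}

/**
 * Encoded form: the filename is HTML-encoded before it reaches the page.
 * ENT_QUOTES also encodes single and double quotes, so the value stays
 * inert inside attribute values as well as in element content.
 */
function renderAccessDeniedSafe(string $filename): string
{
    return sprintf(
        "Access denied to %s",
        htmlspecialchars($filename, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample input standing in for the "file" request parameter
// (assumption: this is what view.php would receive as $filename).
$filename = '<b onmouseover="x()">report.txt</b>';

echo "unencoded: ", renderAccessDeniedUnsafe($filename), "\n";
echo "encoded:   ", renderAccessDeniedSafe($filename), "\n";
```

Run with the PHP CLI; the encoded line shows the angle brackets and quotes turned into entities, so the browser displays the filename as text instead of parsing it as markup. The general rule this illustrates is that every point where request data reaches an HTML response needs encoding for that context, which also covers the second branch of the reported snippet where the same printf appears.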