|
Message-ID: <4F75EF17.1080508@redhat.com> Date: Fri, 30 Mar 2012 11:36:23 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Henri Salo <henri@...v.fi> Subject: Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 On 03/30/2012 01:58 AM, Henri Salo wrote: > Can I get 2012 CVE-identifier for stored XSS in Coppermine 1.5.18 edit_ont_pic.php keywords. > > ID: waraxe-2012-SA#081 > Original advisory: http://www.waraxe.us/advisory-81.html > Mailing list post: http://seclists.org/bugtraq/2012/Mar/166 > > """ > Reason: failure to sufficiently sanitize user-supplied input data > Preconditions: privileges needed for picture keywords editing > > Coppermine user with appropriate privileges is able to modify picture information: > > http://localhost/cpg1518/edit_one_pic.php?id=1&what=picture > > There is a field in form named as "Keywords (separate with semicolon)". > After insertion to database those keywords are later used in html meta section. > It appears, that specific user supplied data is not properly validated before > outputting as html to the end user, resulting in Stored XSS vulnerability. > > Testing: > > 1. Open picture information editing page: > > http://localhost/cpg1518/edit_one_pic.php?id=1&what=picture > > 2. Insert XSS payload below as keywords and click "Apply changes": > > "><body onload=javascript:alert(String.fromCharCode(88,83,83))> > > After that issue request to view this image: > > http://localhost/cpg1518/displayimage.php?pid=1 > > As result we can observe XSS payload execution. > """ > > There is also four different path disclosure vulnerabilities (includes plugins), but I think one CVE-identifier for this advisory is enough as these are all in the same version and path disclosure is very low severity. > > - Henri Salo What about the path disclosures? -- Kurt Seifried Red Hat Security Response Team (SRT)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.