Home » 2010 » January » 29 » [InterN0T] ShareTronix 1.0.4 - HTML Injection Vulnerability
5:34 AM
[InterN0T] ShareTronix 1.0.4 - HTML Injection Vulnerability
ShareTronix - HTML Injection Vulnerability





Version Affected: 1.0.4 (newest)



Info:

Sharetronix Opensource is a multimedia microblogging platform.

It helps people in a community, company, or group to exchange short messages over the Web.



Credits: MaXe from InterN0T (patched the vulnerability) & Reelix (found the vulnerability)



External Links:

http://sharetronix.com/opensource/





-:: The Advisory ::-

The header.php file for showing a single microblog entry does not sanitize the page_title correct.



page_title is set by the user when posting an entry to the microblog platform.



Files:

sharetronix/system/templates/
header.php

00013: <title>page_title ?></title>



sharetronix/system/templates/mobile/header.php

00014: <title>page_title ?></title>





-:: Solution ::-

sharetronix/system/templates/header.php

00013: <title>page_title); ?></title>



sharetronix/system/templates/mobile/header.php

00014: <title>page_title); ?></title>



Disclosure Information:

- Vulnerability found 26th January

- Patch was made available 26th January

- Vendor and Buqtraq (SecurityFocus) contacted the 26th January

- Will be disclosed on InterN0T 27th January





All of the best,

MaXe
Views: 505 | Added by: b1zz4rd | Rating: 0.0/0
Total comments: 0
Name *:
Email *:
Code *: