09.34.54 [InterN0T] ShareTronix 1.0.4 - HTML Injection Vulnerability | |
| ShareTronix - HTML Injection Vulnerability Version Affected: 1.0.4 (newest) Info: Sharetronix Opensource is a multimedia microblogging platform. It helps people in a community, company, or group to exchange short messages over the Web. Credits: MaXe from InterN0T (patched the vulnerability) & Reelix (found the vulnerability) External Links: http://sharetronix.com/ -:: The Advisory ::- The header.php file for showing a single microblog entry does not sanitize the page_title correct. page_title is set by the user when posting an entry to the microblog platform. Files: sharetronix/system/templates/ 00013: <title>page_title ?></title> sharetronix/system/templates/ 00014: <title>page_title ?></title> -:: Solution ::- sharetronix/system/templates/ 00013: <title>page_title); ?></title> sharetronix/system/templates/ 00014: <title>page_title); ?></title> Disclosure Information: - Vulnerability found 26th January - Patch was made available 26th January - Vendor and Buqtraq (SecurityFocus) contacted the 26th January - Will be disclosed on InterN0T 27th January All of the best, MaXe | |
|
| |
| Total comments: 0 | |