iManager Plugin v1.2.8 (dir) Remote Cross-Site Scripting Vulnerability

Title: iManager Plugin v1.2.8 (dir) Remote Cross-Site Scripting Vulnerability
Advisory ID: ZSL-2011-5045
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 17.09.2011
Summary
With iManager you can manage the files and images on your web server, and it provides a user interface to most of the phpThumb() functions. It works either stand-alone or as a plugin to WYSIWYG editors such as tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor.
Description
iManager suffers from an XSS vulnerability when handling user input supplied to the 'dir' parameter via the GET method in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
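The following is an added illustration, not iManager's own code and not the affected scripts: a hypothetical script that reflects a 'dir' query parameter into its HTML output, shown first in the unsafe pattern this class of bug comes from and then in a hardened form. The hardened version does two things a maintainer would want here: it resolves the requested directory and rejects anything outside an assumed base directory (IMAGE_ROOT, a placeholder), and it HTML-encodes the value before it reaches the page, with ENT_QUOTES so the encoding also holds inside attribute values.

```php
<?php
// Added illustrative example (not iManager's own code). Shows a reflected
// 'dir' GET parameter in its unsafe form and in a validated, encoded form.

declare(strict_types=1);

// Hypothetical base directory that every 'dir' value must stay within.
const IMAGE_ROOT = '/var/www/html/images';

// Unsafe pattern: the raw query value is placed straight into the HTML
// document, so any markup carried in ?dir=... is rendered by the browser.
function render_dir_unsafe(string $dir): string
{
    return "<p>Listing for directory: $dir</p>";
}

// Resolve the requested directory to a canonical path and refuse anything
// that does not exist or that lies outside IMAGE_ROOT. Returns the path
// relative to the root, or null when the request must be rejected.
function resolve_dir(string $dir): ?string
{
    $root = realpath(IMAGE_ROOT);
    $real = realpath(IMAGE_ROOT . '/' . $dir);
    if ($root === false || $real === false) {
        return null; // root misconfigured or requested path does not exist
    }
    $inside = ($real === $root)
        || strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0;
    if (!$inside) {
        return null; // canonical path escapes the allowed root
    }
    // Relative, canonical form; ltrim also normalises the root itself to ''.
    return ltrim((string) substr($real, strlen($root)), DIRECTORY_SEPARATOR);
}

// Hardened pattern: validate first, then encode on output. htmlspecialchars
// with ENT_QUOTES turns <, >, &, " and ' into entities, so whatever survives
// validation is displayed as text rather than interpreted as markup.
function render_dir_safe(string $dir): string
{
    $relative = resolve_dir($dir);
    if ($relative === null) {
        http_response_code(400);
        return '<p>Invalid directory.</p>';
    }
    $encoded = htmlspecialchars($relative, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Listing for directory: $encoded</p>";
}

// Entry point: only the hardened renderer is ever wired to the request.
$dir = isset($_GET['dir']) ? (string) $_GET['dir'] : '';
header('Content-Type: text/html; charset=UTF-8');
echo render_dir_safe($dir);
```

Encoding alone would already stop the reflected markup from executing; the realpath check is there because a parameter named 'dir' is also a path, and a reviewer auditing a script like this would want both the output encoding and the containment check in place, with the validation failing closed (HTTP 400) rather than echoing the offending value back.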
Vendor
net4visions.com - http://www.net4visions.com
Affected Version
<= 1.2.8 Build 02012008
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vendor Status
N/A
PoC
imanager_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.org/files/105199
[2] http://secunia.com/advisories/46063/
[3] http://www.securelist.com/en/advisories/46063
[4] http://www.net-security.org/secworld.php?id=11649
[5] http://www.securityfocus.com/bid/49675
[6] http://securityreason.com/wlb_show/WLB-2011090092
[7] http://xforce.iss.net/xforce/xfdb/69920
[8] http://osvdb.org/show/osvdb/75601
[9] http://osvdb.org/show/osvdb/75603
Changelog
[17.09.2011] - Initial release
[18.09.2011] - Added reference [1]
[19.09.2011] - Added reference [2]
[20.09.2011] - Added reference [3], [4], [5] and [6]
[22.09.2011] - Added reference [7], [8] and [9]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk