iBrowser Plugin v1.4.1 (dir) Remote Cross-Site Scripting Vulnerability

Title: iBrowser Plugin v1.4.1 (dir) Remote Cross-Site Scripting Vulnerability
Advisory ID: ZSL-2011-5044
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 17.09.2011
Summary
iBrowser is an image browser plugin for WYSIWYG editors like tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor developed by net4visions. It allows image browsing, resizing on upload, directory management and more with the integration of the phpThumb image library.
Description
iBrowser suffers from a XSS vulnerability when parsing user input to the 'dir' parameter via GET method in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
Vendor
net4visions.com - http://www.net4visions.com
Affected Version
<= 1.4.1 Build 10182009
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vendor Status
N/A
PoC
ibrowser_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.org/files/105196
[2] http://secunia.com/advisories/41634
[3] http://www.securityfocus.com/bid/49675
[4] http://securityreason.com/wlb_show/WLB-2011090091
Changelog
[17.09.2011] - Initial release
[18.09.2011] - Added reference [1]
[19.09.2011] - Added reference [2]
[20.09.2011] - Added reference [3] and [4]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk