iManager Plugin v1.2.8 (dir) Remote Cross-Site Scripting Vulnerability

Medium
Advisory ID: ZSL-2011-5045
Release Date: 17 September 2011
Vendor: net4visions.com - http://www.net4visions.com
Affected Version: <= 1.2.8 Build 02012008
CVE: N/A
Tested On: Microsoft Windows XP Professional SP3 (EN), Apache 2.2.14 (Win32), PHP 5.3.1, MySQL 5.1.41
Summary

With iManager you can manage the files and images on your web server, and it provides a user interface to most of the phpThumb() functions. It works either stand-alone or as a plugin to WYSIWYG editors such as tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor.

Description

iManager suffers from an XSS vulnerability when handling user input supplied to the 'dir' parameter, passed via the GET method, in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
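As an added illustration, not iManager's own code (the advisory does not reproduce it), the following PHP shows the general pattern behind this class of bug, a 'dir' GET parameter reflected into HTML without encoding, beside a hardened handler that validates the value, confines it to a configured base directory and encodes it on output. The function names and the `$baseDir` parameter are assumptions made for the example.

```php
<?php
// Added example, not iManager's code. Constructed to illustrate the class of
// weakness described above: a 'dir' GET parameter reflected into the page.

// Vulnerable pattern (for contrast only): the raw parameter lands in the HTML.
function render_dir_vulnerable(array $get): string {
    $dir = $get['dir'] ?? '';
    return "<p>Listing directory: $dir</p>";
}

// Hardened version: allow-list the characters, confine the resolved path to
// $baseDir, and HTML-encode anything that is reflected back to the browser.
function render_dir_hardened(array $get, string $baseDir): string {
    $dir = (string)($get['dir'] ?? '');

    // Only simple relative segments: letters, digits, '_', '-' and '/'.
    // No '.', so neither '..' traversal nor file extensions can appear.
    if (!preg_match('~^[A-Za-z0-9_/-]*$~', $dir)) {
        http_response_code(400);
        return '<p>Invalid directory.</p>';
    }

    // Resolve both sides and require the target to be the base itself or
    // strictly inside it (the separator check avoids the "/img" vs "/imgs" prefix trap).
    $base   = realpath($baseDir);
    $target = realpath($baseDir . '/' . $dir);
    if ($base === false || $target === false ||
        ($target !== $base && strpos($target, $base . DIRECTORY_SEPARATOR) !== 0)) {
        http_response_code(404);
        return '<p>Directory not found.</p>';
    }

    // Encode for the HTML body context; ENT_QUOTES also covers attribute values,
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    $safe = htmlspecialchars($dir, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Listing directory: $safe</p>";
}
```

Validation limits what the application will even look at, while output encoding is what actually neutralises script content that still reaches the response; the two steps are independent and both belong in the fix.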

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
17.09.2011 - Initial release
18.09.2011 - Added reference [1]
19.09.2011 - Added reference [2]
20.09.2011 - Added references [3], [4], [5] and [6]
22.09.2011 - Added references [7], [8] and [9]