← Advisories

phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability

Low
Advisory ID
ZSL-2012-5088
Release Date
16 May 2012
Vendor
SiliSoftware - http://www.silisoftware.com
Affected Version
1.7.11-201108081537
CVE
CVE-2012-2910
Tested On
Microsoft Windows XP Professional SP3 (EN), Apache 2.2.21, PHP 5.3.8, MySQL 5.5.20
Summary

phpThumb() uses the GD library to create thumbnails from images (JPEG, PNG, GIF, BMP, etc) on the fly. The output size is configurable (can be larger or smaller than the source), and the source may be the entire image or only a portion of the original image.

Description

phpThumb is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'dir' and the 'title' parameter of the 'phpThumb.demo.random.php' and 'phpThumb.demo.showpic.php' scripts. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

Proof of Concept
phpthumb_xss.txtTXT
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://cxsecurity.com/issue/WLB-2012050118
[2]http://packetstormsecurity.org/files/112797
[3]http://www.securityfocus.com/bid/53572
[4]http://www.1337day.com/exploits/18286
[5]http://xforce.iss.net/xforce/xfdb/75709
[6]http://www.osvdb.org/show/osvdb/82295
[7]http://www.osvdb.org/show/osvdb/82296
[8]http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2910
Changelog
16.05.2012Initial release
18.05.2012Added reference [2], [3] ana [4]
20.05.2012Added reference [5]
30.05.2012Added reference [6], [7] and [8]