
Yahei-PHP Prober v0.4.7 (speed) Remote HTML Injection Vulnerability

Medium
Advisory ID: ZSL-2019-5531
Release Date: 24 July 2019
Vendor:
Affected Version: 0.4.7
Tested On: OneinStack (Linux 3.10.0-862.14.4.el7.x86_64), nginx/1.14.0, PHP/7.2.11
Summary

Detection of system web server operating environment.

Description

Input passed to the GET parameter 'speed' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in the context of an affected site.

/prober.php:
--------------
// line 206
elseif(isset($_GET['speed']) and $_GET['speed']>0)
{
    $speed=round(100/($_GET['speed']/1000),2);
}
...
...
// line 1393
<?php echo (isset($_GET['speed']))?"Download 1000KB Used <font color='#cc0000'>".$_GET['speed']."</font> Millisecond, Download Speed: "."<font color='#cc0000'>".$speed."</font>"." kb/s":"<font color='#cc0000'>&nbsp;No Test&nbsp;</font>" ?>
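A hardened form of the two excerpts above, as an added example that is not the vendor's code or a published patch. render_speed() and h() are hypothetical helpers, the sample inputs are constructed, and the code assumes 'speed' is a whole number of milliseconds.

```php
<?php
// Added example, not part of prober.php. Function names are hypothetical.

// Escape a value for HTML output (element content and quoted attributes).
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the speed-test line from the raw query array (e.g. $_GET).
function render_speed(array $query): string
{
    $noTest = "<font color='#cc0000'>&nbsp;No Test&nbsp;</font>";

    // The original echo is guarded only by isset(), so the '>0' check near
    // line 206 never protects the output near line 1393. Validate once,
    // then use only the validated value everywhere.
    if (!isset($query['speed']) || !is_string($query['speed'])) {
        return $noTest;
    }

    // Assumption: milliseconds arrive as a positive integer. A loose '>0'
    // comparison accepts strings with a numeric prefix; FILTER_VALIDATE_INT
    // rejects anything that is not entirely an integer.
    $ms = filter_var($query['speed'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($ms === false) {
        return $noTest;
    }

    $speed = round(100 / ($ms / 1000), 2);

    // Escape at the output boundary even though both values are numeric now.
    return "Download 1000KB Used <font color='#cc0000'>" . h($ms)
         . "</font> Millisecond, Download Speed: "
         . "<font color='#cc0000'>" . h($speed) . "</font> kb/s";
}

// Constructed sample inputs: valid value, markup appended, array, missing.
$samples = [
    ['speed' => '250'],
    ['speed' => '250<b>injected</b>'],
    ['speed' => ['x']],
    [],
];
foreach ($samples as $query) {
    echo render_speed($query), PHP_EOL;
}
```

Only the first sample produces the download line; the other three fall through to the "No Test" output, so no request-supplied markup reaches the page.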
Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
24.07.2019 - Initial release
02.08.2019 - Added reference [1], [2] and [3]
24.03.2026 - Added reference [4]