    Mischa, Jan 27th 2010 (edited):
    According to http://www.securityfocus.com/bid/37471 there are multiple cross site scripting vulnerabilities. Have these been verified? How serious is it?
    NoWhereMan, Jan 28th 2010 (edited):
    Usually people contact me before they disclose a security hole. How kind of this guy not to do it. Oh, well.

    Thank you for pointing that out.

    Here is the text of the exploit:

    ========================================================================================
    | # Title : FlatPress Cross Site Scripting Vulnerability |
    | # Author : indoushka |
    | # email : indoushka@hotmail.com |
    | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
    | # Web Site : www.iq-ty.com |
    | # Script : powered by FlatPress / http://www.flatpress.org/ |
    | # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
    | # Bug : XSS |
    ====================== Exploit By indoushka =================================
    | # Exploit :
    |
    | 1- http://server/flatpress/contact.php/>"><ScRiPt>alert(+213771818860)</ScRiPt>
    | 2- http://server/flatpress/login.php/>"><ScRiPt>alert(+213771818860)</ScRiPt>
    | 3- http://server/flatpress/search.php/>"><ScRiPt>alert(+213771818860)</ScRiPt>
    |
    ================================ Dz-Ghost Team ========================================
    Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
    -------------------------------------------------------------------------------------------

    If you point your browser to those URLs, you'll get a JavaScript alert. IMO it is not a very dangerous issue (the attacker must send you a specially crafted URL and you have to follow it); by the way, it's now fixed on SVN:

    /fp-interface/sharedtpls/contact.tpl
    /fp-interface/sharedtpls/login.tpl
    /fp-interface/sharedtpls/search.tpl
    Mischa, Jan 28th 2010:
    I had the same thing when I was still actively developing Postfix Admin. Always nice when they just publish.
    Thanx for fixing it so quickly! Any idea when the next release will be out?
    riclees, Apr 4th 2010:
    Hi, is there a plan to patch for this?

    Also, I discovered this page referring to another exploit:
    http://www.exploit-db.com/exploits/12034 (posted today?)

    Both seem like fairly serious problems. I have Flatpress on ten sites... and was thinking I may use the PHP strip_tags function to only allow a small subset of tags, perhaps a quick workaround for the fix?
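The three URLs quoted above put the payload in the request path after `contact.php/`, so the templates that were fixed must have been reflecting that path into the page unescaped, and the `">` in the payload is what breaks out of an attribute. The following is an added example, not FlatPress's own template code: it assumes the template built a form `action` from the request path (the exact original line is not on this page), and contrasts the raw echo, the `strip_tags` workaround asked about above, and an attribute-context escape.

```php
<?php
// Added example (not FlatPress code). Assumption: the template echoed the request
// path into a form action attribute, which matches the "contact.php/>">..." URLs
// in the thread. The payload string below is the one quoted in the advisory above.

// Vulnerable pattern: the request path is reflected raw into an HTML attribute,
// so a path containing  ">  closes the attribute and the tag early.
function render_form_vulnerable(string $requestUri): string {
    return '<form method="post" action="' . $requestUri . '">';
}

// The strip_tags() workaround raised in the thread. It removes the <ScRiPt> and
// </ScRiPt> tags, but a lone  >  is not a tag and is left in place, so the
// quote-plus-angle-bracket still terminates the attribute. This is a filter for
// tag context, not for attribute context, and it does not fix this bug.
function render_form_strip_tags(string $requestUri): string {
    return '<form method="post" action="' . strip_tags($requestUri) . '">';
}

// Hardened: escape for the attribute context. ENT_QUOTES turns both quote styles
// into entities and the angle brackets become &lt; / &gt;, so nothing in the
// path can leave the attribute value. A stricter fix is to not reflect the
// request path at all and post to the script's own name instead.
function render_form_fixed(string $requestUri): string {
    $safe = htmlspecialchars($requestUri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

// Detector usable in a review or a test: a correctly escaped attribute value
// must contain no raw double quote or angle bracket between the action="..." quotes.
function attribute_value_is_escaped(string $html): bool {
    if (!preg_match('/action="(.*)">$/s', $html, $m)) {
        return false;
    }
    return strpbrk($m[1], '"<>') === false;
}

// Constructed input: the path from the first URL in the advisory quoted above.
$path = '/flatpress/contact.php/>"><ScRiPt>alert(+213771818860)</ScRiPt>';

foreach (['vulnerable' => render_form_vulnerable($path),
          'strip_tags' => render_form_strip_tags($path),
          'fixed'      => render_form_fixed($path)] as $label => $html) {
    $verdict = attribute_value_is_escaped($html) ? 'attribute intact' : 'attribute broken';
    echo str_pad($label, 11), ': ', $verdict, PHP_EOL, '    ', $html, PHP_EOL;
}
```

Only the `fixed` variant keeps the attribute intact; the `strip_tags` variant still emits the `">` that closes the attribute, which is why escaping for the output context, not tag stripping, is the relevant fix for the templates listed above.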
    NoWhereMan, Apr 4th 2010 (edited):
    lastcomments is a horrible, horrible plugin thrown in there really mostly as an example, since people asked for it. I don't even use it (usually).
    By the way, I have "fixed" the offending line on SVN

    http://flatpress.svn.sf.net/viewvc/flatpress/trunk/flatpress/fp-plugins/lastcomments/plugin.lastcomments.php?revision=318&view=markup

    The other issue discussed here has been fixed already in FP 0.909.1.