[pLog-svn] Fwd: XSS in referrer
Jon Daley
plogworld at jon.limedaley.com
Thu Jan 13 07:47:57 EST 2011
blogaction.class.php:
$referers->addReferer( $_SERVER['HTTP_REFERER'], 0, $this->_blogInfo->getId());
We'll need to check if there are any other places where we use $_SERVER
variables that need to be sanitized. Hm - I don't think LifeType probably
uses it, but setting $_SERVER["REMOTE_HOST"] might be interesting. And on
a dedicated server, you might even be able to use $_SERVER["HTTP_HOST"] as
an XSS vector.
On Thu, 13 Jan 2011, Jon Daley wrote:
> I'm not sure what they mean when they say "the vendor was notified".
> I suppose that means that we were notified when they published it on this web
> page? Not exactly what anyone should consider "notified".
>
>
> LifeType 1.2.10 HTTP Referer stored XSS
> Exploit Title: lifetype 1.2.10 http referer XSS # Date: 11-1-2010 # Author:
> Saif El-Sherei # Software Link: http://lifetype.net/page/downloads #
> Version: ...
> <http://www.exploit-db.com/exploits/15981/>
--
Jon Daley
http://jon.limedaley.com
~~
Paper is always strongest at the perforations.
-- Corry
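One way to harden the addReferer() call discussed in the thread, as an added example rather than LifeType's own code: validate the Referer header before it is stored, and escape it again whenever it is rendered. The function names and the sample header values are assumptions constructed for illustration.

```php
<?php
// Added example, not LifeType code. sanitizeReferer() and escapeForHtml()
// are hypothetical helper names; the sample headers below are constructed.

/**
 * Return a referer that is acceptable to store, or null to discard it.
 * Only absolute http(s) URLs of sane length without control bytes pass.
 */
function sanitizeReferer(?string $raw): ?string
{
    if ($raw === null || $raw === '') {
        return null;
    }
    // Reject oversized values and any control bytes (CR/LF, NUL, ...).
    if (strlen($raw) > 2048 || preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    // Must parse as a URL; FILTER_VALIDATE_URL checks shape, not content.
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // Restrict the scheme so javascript: or data: URIs are never stored
    // and later emitted as a link target.
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    return $raw;
}

/** Escape a stored value for HTML text or attribute context. */
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample Referer headers (not real traffic).
$samples = [
    'https://example.org/blog/post/42',
    'http://example.net/"><script>alert(1)</script>',
    'javascript:alert(1)',
];

// Input validation narrows what is stored; output escaping is what
// actually stops stored markup from executing in the referrer list.
foreach ($samples as $raw) {
    $clean = sanitizeReferer($raw);
    $state = $clean === null ? 'DROPPED' : 'STORED ';
    echo $state, ' <a href="', escapeForHtml($raw), '">',
         escapeForHtml($raw), "</a>\n";
}
```

In the original call site the stored value would be `$clean` instead of the raw `$_SERVER['HTTP_REFERER']`, and the escaping belongs in the template that lists referrers; the same treatment applies to the other `$_SERVER` values the message mentions.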