Archive for February 19th, 2013

Squirrelcart v3.5.4 (table) Remote Cross-Site Scripting Vulnerability

Squirrelcart suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the ‘table’ GET parameter in the ‘index.php’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Squirrelcart XSS


Squirrelcart Security Patch #SC130218
Release date: 02/19/2013

XSS (Cross Site Scripting) vulnerability patch
Affected Squirrelcart versions: v2.0.0 – 3.5.4

How to find your version number:
You can locate your Squirrelcart version in the upper right hand corner of your control panel.

Patch Info and Instructions
This is a patch for protecting against a XSS (Cross Site Scripting) vulnerability that was discovered on 02/19/2013 by Zero Science Lab: This vulnerability is due to the table parameter passed in the control panel not being sanitized properly,
and can result in HTML or Javascript being inserted into the page.

ZSL Advisory:

Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability

Input passed to the ‘dl’ parameter in ‘install.php’ script is not properly sanitised before being used to get the contents of a resource or delete files. This can be exploited to read and delete arbitrary data from local resources with the permissions of the web server via directory traversal attack.


113: if (!empty($_GET['dl']) && file_exists(PHPWG_ROOT_PATH.$conf['data_location'].'pwg_'.$_GET['dl']))
114: {
115: $filename = PHPWG_ROOT_PATH.$conf['data_location'].'pwg_'.$_GET['dl'];
116: header('Cache-Control: no-cache, must-revalidate');
117: header('Pragma: no-cache');
118: header('Content-Disposition: attachment; filename=""');
119: header('Content-Transfer-Encoding: binary');
120: header('Content-Length: '.filesize($filename));
121: echo file_get_contents($filename);
122: unlink($filename);
123: exit();
124: }