iManager Plugin v1.2.8 (dir) Remote Cross-Site Scripting Vulnerability
Title: iManager Plugin v1.2.8 (dir) Remote Cross-Site Scripting Vulnerability
Advisory ID: ZSL-2011-5045
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 17.09.2011
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
[2] http://secunia.com/advisories/46063/
[3] http://www.securelist.com/en/advisories/46063
[4] http://www.net-security.org/secworld.php?id=11649
[5] http://www.securityfocus.com/bid/49675
[6] http://securityreason.com/wlb_show/WLB-2011090092
[7] http://xforce.iss.net/xforce/xfdb/69920
[8] http://osvdb.org/show/osvdb/75601
[9] http://osvdb.org/show/osvdb/75603
[18.09.2011] - Added reference [1]
[19.09.2011] - Added reference [2]
[20.09.2011] - Added reference [3], [4], [5] and [6]
[22.09.2011] - Added reference [7], [8] and [9]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2011-5045
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 17.09.2011
Summary
With iManager you can manage your files/images on your webserver, and it provides user interface to most of the phpThumb() functions. It works either stand-alone or as a plugin to WYSIWYG editors like tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor.Description
iManager suffers from a XSS vulnerability when parsing user input to the 'dir' parameter via GET method in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.Vendor
net4visions.com - http://www.net4visions.comAffected Version
<= 1.2.8 Build 02012008Tested On
Microsoft Windows XP Professional SP3 (EN)Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vendor Status
N/APoC
imanager_xss.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://packetstormsecurity.org/files/105199[2] http://secunia.com/advisories/46063/
[3] http://www.securelist.com/en/advisories/46063
[4] http://www.net-security.org/secworld.php?id=11649
[5] http://www.securityfocus.com/bid/49675
[6] http://securityreason.com/wlb_show/WLB-2011090092
[7] http://xforce.iss.net/xforce/xfdb/69920
[8] http://osvdb.org/show/osvdb/75601
[9] http://osvdb.org/show/osvdb/75603
Changelog
[17.09.2011] - Initial release[18.09.2011] - Added reference [1]
[19.09.2011] - Added reference [2]
[20.09.2011] - Added reference [3], [4], [5] and [6]
[22.09.2011] - Added reference [7], [8] and [9]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk