|
Feeds -
Exploits
|
|
Written by Adam Baldwin
|
|
Monday, 23 March 2009 22:14 |
ExpressionEngine Avtaar Name HTML Injection Vulnerability
-\\Bugtraq ID:
34193
-\\Class:
Input Validation Error
-\\CVE:
-\\Remote:
Yes
-\\Local:
No
-\\Published:
Mar 22 2009 12:00AM
-\\Updated:
Mar 23 2009 02:46PM
-\\Credit:
Adam Baldwin
-\\Vulnerable:
EllisLab ExpressionEngine 1.6.6
EllisLab ExpressionEngine 1.6.4
-\\Not Vulnerable:
EllisLab ExpressionEngine 1.6.7
-\\Discussion
ExpressionEngine is prone to an HTML-injection vulnerability because the application fails to properly
sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially
allowing the attacker to steal cookie-based authentication credentials or to control how the site is
rendered to the user. Other attacks are also possible.
ExpressionEngine versions 1.6.4 to 1.6.6 are affected. Other versions may also be vulnerable.
-\\Exploit(s)/PoC(s):
Attackers can use a browser to exploit this issue.
The following example input is available:
chococat.gif"><script>alert('XSS')</script><div "a
-\\Solution
The vendor has released fixes. Please see the references for more information.
-\\References(s)
--ExpressionEngine Homepage
http://expressionengine.com (EllisLab)
|
