|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 6890 CVE : CVE-2009-4450 CWE : CWE-79 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : Yes Exploit Available : Yes Credit : MaXe Published : 30.12.2009
Advisory Content : LiveZilla - Cross Site Scripting Vulnerability Version Affected: 3.1.8.3 (newest) Info: LiveZilla, the Next Generation Live Help / Live Chat and Live Support System connects you to your website visitors. Use LiveZilla to provide Live Chats and monitor your website visitors in real-time. Convert visitors to customers - with LiveZilla! Credits: InterN0T External Links: http://www.livezilla.net/ -:: The Advisory ::- The following files would together be vulnerable to Cross Site Scripting. 1. livezilla/templates/map.tpl (lines 18-20) var default_lat = <!--dlat-->; var default_lng = <!--dlng-->; var default_zom = <!--dzom-->; 2. livezilla/map.php (lines 15-28) if(isset($_GET["lat"])) $map = str_replace("<!--dlat-->",$_GET["lat"],$map); else $map = str_replace("<!--dlat-->","25",$map); if(isset($_GET["lng"])) $map = str_replace("<!--dlng-->",$_GET["lng"],$map); else $map = str_replace("<!--dlng-->","10",$map); if(isset($_GET["zom"])) $map = str_replace("<!--dzom-->",$_GET["zom"],$map); else $map = str_replace("<!--dzom-->","1",$map); Proof of Concept: (</script><script>alert(0)</script>) http://localhost/livezilla/map.php?lat=%3C/script%3E%3Cscript%3Ealert(%2 2InterN0T.net%22)%3C/script%3E Pseudo Proof of Concept: - Javascript functions could also have been executed inside the javascript where the vulnerable code is. -:: Solution ::- The following patch was supplied to the vendor: 1. livezilla/templates/map.tpl (lines 18-20) var default_lat = "<!--dlat-->"; var default_lng = "<!--dlng-->"; var default_zom = "<!--dzom-->"; 2. livezilla/map.php (lines 15-28) if(isset($_GET["lat"])) $map = str_replace("<!--dlat-->",htmlentities($_GET["lat"]),$map); else $map = str_replace("<!--dlat-->","25",$map); if(isset($_GET["lng"])) $map = str_replace("<!--dlng-->",htmlentities($_GET["lng"]),$map); else $map = str_replace("<!--dlng-->","10",$map); if(isset($_GET["zom"])) $map = str_replace("<!--dzom-->",htmlentities($_GET["zom"]),$map); else $map = str_replace("<!--dzom-->","1",$map); We used htmlentities() since we thought that would be the best solution. The other functions named htmlspecialchars(), urlencode() and raw_urlencode() could have been an alternative to the above. Disclosure Information: - Vulnerability found 27th December - Patch was made available 27th December - Disclosed on InterN0T 27th December - Vendor and Buqtraq (SecurityFocus) contacted the 27th December All of the best, MaXe References : http://www.securityfocus.com/archive/1/archive/1/508613/100/0/threaded
http://secunia.com/advisories/37990
http://osvdb.org/61348
http://forum.intern0t.net/intern0t-advisories/1998-intern0t-livezilla-cross-site-scripting-vulnerability.html  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |