torrentfluxXSS.txt

torrentfluxXSS.txt: Posted Oct 12, 2006; Authored by Steven Roddis | Site stevenroddis.com.au; Torrentflux version 2.1 suffers from a cross site scripting condition using the User-Agent as an attack vector.; tags | advisory, xss; SHA-256 | 0f07a88c880c17dce4534f254853cd0093f594d4d3c8c9cae9c901af8406bba9; Download | Favorite | View

torrentfluxXSS.txt

http://www.stevenroddis.com.au/2006/10/06/torrentflux-user-agent-xss-vulnerability/
Name: TorrentFlux User-Agent XSS Vulnerability
Published: 2006-10-06
Critical Level: Moderate
Type: Cross-Site Scripting
Where: Remote
Status: 0-Day
Software: Torrentflux 2.1
Discoverer: Steven Roddis (http://www.stevenroddis.com.au)
I gave the authors of this product a week (more than usual) just to contact me, they have failed to do so; so I am releasing this vulnerability publicly!
/admin.php
Line: 325
$ip_info = $ip_resolved."
".$user_agent;
Useragent is not esacped.
Solution:
Edit source code:
/admin.php
Line: 325:
$ip_info = htmlentities($ip_resolved)."
".htmlentities($user_agent);

Top Authors In Last 30 Days

Red Hat 290 files
Ubuntu 63 files
Debian 20 files
Gentoo 8 files
Apple 6 files
LiquidWorm 4 files
Google Security Research 4 files
Alter Prime 3 files
Spencer McIntyre 3 files
Jann Horn 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

torrentfluxXSS.txt

torrentfluxXSS.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

torrentfluxXSS.txt

Share This

torrentfluxXSS.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems