Zenphoto Security Vulnerability

Vulnerability ID 1208679 Vulnerability type Cross-site scripting
Published 2020-02-11 Updated 2020-02-21
CVE ID CVE-2012-4519 CNNVD-ID CNNVD-202002-464
Platform N/A CVSS score N/A
|Vulnerability source
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202002-464
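|Vulnerability details
ZenPhoto is a free image gallery content management system. It manages images and also supports multimedia such as audio and video. Zenphoto versions before 1.4.3.4 contain a cross-site scripting vulnerability, which stems from the admin-news-articles.php script failing to properly validate user input. A remote attacker can exploit this vulnerability via the 'data' parameter to obtain sensitive information.
|Vulnerability exploit (EXP)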

-------------------------
Affected products:
-------------------------

Product : 		Zenphoto 1.4.3.2 (and maybe older) fixed in 1.4.3.3
Affected function:	printPublishIconLink

----------
Details:
----------

The file admin-news-articles.php calls the function printPublishIconLink
which generates HTML from data stored in the $_GET super global, this can be
used to generate an XSS attack or more seriously, as an admin user needs to be
logged in to access the page admin-news-articles.php, a cookie stealing
script.

Example code:
http://127.0.0.1/zenphoto/zp-core/zp-extensions/zenpage/admin-news-articles.
php?date=%22%3E%3Cscript%3Ealert%28%27Cookie%20sealing%20Javascript%27%29;%3
C/script%3E%3C>

--------------------
Suggested fix:
--------------------

Sanitize the $_GET super global on lines 1637 through 1641 in
zenpage-admin-functions.php file

------------
Timeline:
------------

12-Sept-2012  Zenphoto and UK-CERT informed
18-Sept-2012 Zenphoto confirmed and fixed (see
http://www.zenphoto.org/trac/changeset/10836).
1-Oct-2012 Zenphoto 1.4.3.3 released fixing hole.

--
Scott Herbert Cert Web Apps (Open)
http://blog.scott-herbert.com/
Twitter @Scott_Herbert
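
The suggested fix in the advisory above, sketched as an added example (it is not part of the advisory and is not Zenphoto's code): a link builder that writes a `date` query value into HTML, shown unencoded and then hardened. The function names, the link markup and the YYYY-MM date format are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helper names, not Zenphoto source.

// Vulnerable pattern described in the advisory: a request value is
// concatenated into an HTML attribute without any encoding.
function publish_link_unsafe(array $get): string
{
    $date = isset($get['date']) ? $get['date'] : '';
    return '<a href="admin-news-articles.php?publish=1&date=' . $date . '">publish</a>';
}

// Hardened pattern: validate against the expected shape, URL-encode the
// query string, then HTML-encode the whole attribute value.
function publish_link_safe(array $get): string
{
    $params = ['publish' => '1'];
    $date = isset($get['date']) && is_string($get['date']) ? $get['date'] : '';
    // Assumed format: YYYY-MM archive filter; anything else is dropped.
    if (preg_match('/\A\d{4}-(0[1-9]|1[0-2])\z/', $date) === 1) {
        $params['date'] = $date;
    }
    $href = 'admin-news-articles.php?'
          . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    return '<a href="'
         . htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
         . '">publish</a>';
}

// Constructed sample inputs: one well-formed value, and one that tries to
// close the attribute and open a new tag.
$samples = [
    ['date' => '2012-09'],
    ['date' => '"><b>injected</b>'],
];
foreach ($samples as $get) {
    echo 'input:  ', $get['date'], PHP_EOL;
    echo 'unsafe: ', publish_link_unsafe($get), PHP_EOL;
    echo 'safe:   ', publish_link_safe($get), PHP_EOL, PHP_EOL;
}
```

Validation and output encoding do different jobs here: the pattern check rejects values that are not dates at all, while `htmlspecialchars` with `ENT_QUOTES` keeps any value that does pass from breaking out of the attribute.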



|References

Source: www.openwall.com

Link: http://www.openwall.com/lists/oss-security/2012/10/11/10


Source: www.openwall.com

Link: http://www.openwall.com/lists/oss-security/2013/07/10/19


Source: nvd.nist.gov

Link: https://nvd.nist.gov/vuln/detail/CVE-2012-4519