TinyMCE/TinyBrowser Cross-Site Scripting and Cross-Site Request Forgery

Posted on Wednesday, July 29, 2009 @ 20:15:57 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA36031

VERIFY ADVISORY: http://secunia.com/advisories/36031/

SEVERITY: High

AFFECTED PRODUCTS:
- TinyMCE editor with TinyBrowser plugin
- Any web sites/web applications that use TinyMCE editor with TinyBrowser plugin

DESCRIPTION: Aung Khant has reported some vulnerabilities in TinyBrowser, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. The vulnerabilities are reported in version 1.41.6. Other versions may also be affected.

1) Input passed to the "goodfiles", "badfiles", and "dupfiles" parameters in upload.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. delete uploaded files if a logged-in user visits a specially crafted web site.

SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted websites or follow untrusted links while logged in to the application.

PROVIDED AND/OR DISCOVERED BY: Aung Khant, YGN Ethical Hacker Group

ORIGINAL ADVISORY: http://yehg.net/lab/pr0js/advisories/tinybrowser_1416_multiple_vulnerabilities
 
 
click Related        click Share
 
 
Associated Topics

PHP-Nuke
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 369,744,454
  • Today: 51,608
Server InfoServer Info
  • Oct 20, 2018
  • 11:49 am PDT
 
 

Daily Inspiration