TinyMCE/TinyBrowser Cross-Site Scripting and Cross-Site Request Forgery

Posted on Wednesday, July 29, 2009 @ 21:15:57 CEST in Security
by Raven


VERIFY ADVISORY: http://secunia.com/advisories/36031/


- TinyMCE editor with TinyBrowser plugin
- Any web sites/web applications that use TinyMCE editor with TinyBrowser plugin

DESCRIPTION: Aung Khant has reported some vulnerabilities in TinyBrowser, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. The vulnerabilities are reported in version 1.41.6. Other versions may also be affected.

1) Input passed to the "goodfiles", "badfiles", and "dupfiles" parameters in upload.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
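As an added illustration (this is not TinyBrowser's code and not part of the advisory), a hypothetical PHP upload-result page that echoes three list parameters back to the user, first in the unencoded form the advisory describes and then with output encoding applied. Only the parameter names come from the advisory; the comma-separated list format, the function names and the sample input are assumptions.

```php
<?php
// Added example, not TinyBrowser's own code: a hypothetical upload-result page
// that echoes lists of file names taken from the query string back to the user,
// the pattern described in item 1 of the advisory. Only the parameter names
// come from the advisory; the comma-separated list format is assumed.

declare(strict_types=1);

const REPORT_PARAMS = ['goodfiles', 'badfiles', 'dupfiles'];

// Split "a.txt,b.txt" into ['a.txt', 'b.txt'], dropping empty entries.
function splitList(string $raw): array
{
    $parts = array_map('trim', explode(',', $raw));
    return array_values(array_filter($parts, 'strlen'));
}

// VULNERABLE: values are interpolated straight into HTML, so any markup they
// contain is interpreted by the browser instead of being displayed as text.
function renderReportUnsafe(array $params): string
{
    $html = '';
    foreach (REPORT_PARAMS as $name) {
        $html .= "<h3>$name</h3><ul>";
        foreach (splitList($params[$name] ?? '') as $file) {
            $html .= "<li>$file</li>";
        }
        $html .= '</ul>';
    }
    return $html;
}

// HARDENED: encode every untrusted value for the HTML-body context it lands in.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of making htmlspecialchars() return an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderReportSafe(array $params): string
{
    $html = '';
    foreach (REPORT_PARAMS as $name) {
        $html .= '<h3>' . e($name) . '</h3><ul>';
        foreach (splitList($params[$name] ?? '') as $file) {
            $html .= '<li>' . e($file) . '</li>';
        }
        $html .= '</ul>';
    }
    return $html;
}

// --- Constructed demo (run from the CLI) -----------------------------------
// A file name carrying harmless markup shows the difference: the unsafe
// renderer emits a live <b> element, the safe one shows the literal text.
$constructedQuery = [
    'goodfiles' => 'report.txt,notes.md',
    'badfiles'  => 'weird<b>name</b>.bin',
    'dupfiles'  => '',
];
echo renderReportUnsafe($constructedQuery), PHP_EOL;
echo renderReportSafe($constructedQuery), PHP_EOL;

// In the real page, also pin the charset the encoding assumes:
//   header('Content-Type: text/html; charset=UTF-8');
```

The fix belongs at the point of output, in the context where the value is written (here the HTML body); restricting accepted file names at upload time is useful defence in depth but does not replace output encoding, because the same values may be rendered in other contexts later.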

2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. delete uploaded files if a logged-in user visits a specially crafted web site.
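As an added illustration of the missing request validation (again not TinyBrowser's code and not part of the advisory), a synchronizer-token check wrapped around a hypothetical file-delete action. The session is passed in as an array so the logic runs from the command line; in a real application it would be $_SESSION. All function names, the `file` parameter and the sample data are assumptions.

```php
<?php
// Added example, not TinyBrowser's own code: a synchronizer-token (CSRF token)
// check for a state-changing action such as deleting an uploaded file, the
// missing control described in item 2 of the advisory. The session is passed
// in as an array so the code can be run stand-alone; in a real app use $_SESSION.

declare(strict_types=1);

const CSRF_KEY = 'csrf_token';

// Issue (or reuse) a per-session token: 32 random bytes, hex-encoded.
function issueCsrfToken(array &$session): string
{
    if (empty($session[CSRF_KEY])) {
        $session[CSRF_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_KEY];
}

// Hidden field to embed in every form that performs an action.
function csrfField(array &$session): string
{
    $token = htmlspecialchars(issueCsrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . CSRF_KEY . '" value="' . $token . '">';
}

// Constant-time comparison; a missing or malformed token fails closed.
function verifyCsrfToken(array $session, array $post): bool
{
    $expected = $session[CSRF_KEY] ?? null;
    $given    = $post[CSRF_KEY] ?? null;
    if (!is_string($expected) || !is_string($given) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $given);
}

// Request handler: state changes only via POST, and only with a valid token.
// Returns [HTTP status, message] instead of echoing so it is easy to test.
function handleDelete(string $method, array $session, array $post, callable $deleteFile): array
{
    if ($method !== 'POST') {
        return [405, 'delete requires POST'];
    }
    if (!verifyCsrfToken($session, $post)) {
        return [403, 'missing or invalid CSRF token'];
    }
    $name = $post['file'] ?? '';
    // Defence in depth: accept only a plain base name inside the upload directory.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9._-]{1,128}\z/', $name)
        || $name === '.' || $name === '..') {
        return [400, 'invalid file name'];
    }
    return $deleteFile($name) ? [200, "deleted $name"] : [404, 'no such file'];
}

// --- Constructed demo (run from the CLI) -----------------------------------
$session = [];                       // stands in for $_SESSION
$token   = issueCsrfToken($session);
$store   = ['report.txt' => true];   // constructed "upload directory"
$deleter = function (string $n) use (&$store): bool {
    if (!isset($store[$n])) {
        return false;
    }
    unset($store[$n]);
    return true;
};

// A request forged from another site cannot read the token, so it arrives
// without one (or as a plain GET) and is refused.
var_dump(handleDelete('GET',  $session, ['file' => 'report.txt'], $deleter));
var_dump(handleDelete('POST', $session, ['file' => 'report.txt'], $deleter));
// The site's own form carries the hidden field and succeeds.
var_dump(handleDelete('POST', $session, ['file' => 'report.txt', CSRF_KEY => $token], $deleter));
```

The token works because a page on another origin can neither read the session-bound value nor the form that contains it. Marking the session cookie `SameSite=Lax` or `Strict` is a second, independent layer; it does not replace the token check, since it depends on browser support and on the cookie attributes being set correctly.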

SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted websites or follow untrusted links while logged in to the application.

PROVIDED AND/OR DISCOVERED BY: Aung Khant, YGN Ethical Hacker Group

ORIGINAL ADVISORY: http://yehg.net/lab/pr0js/advisories/tinybrowser_1416_multiple_vulnerabilities