Referer XSS in E-Blah Platinum

Summary

Vulnerability: Referer XSS in E-Blah Platinum
Discovered: 2006.02.16
Last Update: 2006.02.22 CVE entry added
ID: EV0083
CVE: CVE-2006-0829
Risk Level: medium
Type: Cross Site Scripting
Status: Patched
Vendor: n/a
Vulnerable Software: E-Blah Platinum (http://www.eblah.com)
Version: 9.7
PoC/Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A Cross Site Scripting vulnerability was found in the E-Blah Platinum (http://www.eblah.com) script.

Vulnerable script: Code/Routines.pl

The environment variable 'HTTP_REFERER' isn't properly sanitized. An HTTP query can be sent with a fake Referer value, which may contain arbitrary HTML or script code. This code is executed when the administrator opens the "Click Log".

The administrator's login and password are at risk.

PoC/Exploit

Example of HTTP Query:


GET /cgi-bin/Blah.pl HTTP/1.0
Host: [host]
Referer: [XSS]

Solution

Vendor-provided patch is available here:

http://www.eblah.com/forum/m-1140116897/
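
The general remedy for this kind of flaw, shown as an added Perl example: it is not E-Blah's code and not the vendor patch. The function names (html_escape, clean_referer, click_log_row) and the sample Referer values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helpers; not taken from Code/Routines.pl or the vendor patch.

# Encode the five HTML metacharacters so the value renders as text.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Normalise a Referer before it is stored: drop control characters
# (CR/LF would forge log lines), cap the length, and keep only values
# that start like an http(s) URL.
sub clean_referer {
    my ($ref) = @_;
    return '' unless defined $ref;
    $ref =~ s/[\x00-\x1f\x7f]//g;
    $ref = substr($ref, 0, 512);
    return $ref =~ m{\Ahttps?://}i ? $ref : '';
}

# Render one "Click Log" row. Escaping is done at output time, so a
# value that reached the log unfiltered still cannot become markup.
sub click_log_row {
    my ($time, $ref) = @_;
    return sprintf('<tr><td>%s</td><td>%s</td></tr>',
                   html_escape($time), html_escape($ref));
}

# Constructed sample values; in a CGI script the input would be
# $ENV{HTTP_REFERER}. The marker markup is harmless.
my @samples = (
    'http://example.com/page?a=1&b=2',
    'http://example.com/"><b>marker</b>',
    '<b>marker</b>',
    undef,
);

print click_log_row('2006-02-16 12:00', clean_referer($_)), "\n"
    for @samples;
```

Input filtering alone is not sufficient: the second sample passes the URL check, and only the encoding in click_log_row keeps it from being interpreted as HTML in the administrator's browser.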