Clever Copy Referer and X-Forwarded-For XSS
Summary
- Vulnerability: Clever Copy Referer and X-Forwarded-For XSS
- Discovered: 2006.02.06
- Last Update: 2006.02.12 Exploitation code published
- ID: EV0064
- CVE: CVE-2006-0627
- Risk Level: medium
- Type: Cross Site Scripting
- Status: Unpatched. No reply from developer(s)
- Vendor: n/a
- Vulnerable Software: Clever Copy V3 (http://clevercopy.bestdirectbuy.com)
- Version: 3.0, 2.0, 2.0a
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A cross-site scripting vulnerability was found in the Clever Copy V3 (http://clevercopy.bestdirectbuy.com) script.
Vulnerable script: stats/script.php
The variables $_SERVER['HTTP_REFERER'] and $_SERVER['HTTP_X_FORWARDED_FOR'] are not properly sanitized. An HTTP request with a forged Referer or X-Forwarded-For value can therefore carry arbitrary HTML or script code. This code is executed when the administrator opens Site Stats.
The administrator's session is threatened.
PoC/Exploit
Example of HTTP Query:
GET /path//stats/script.php?image=1&javascript=false HTTP/1.0
Host: host
Referer: http://path/index.php<XSS>
X-Forwarded-For: anyIP<XSS>
Solution
A solution for "Clever Copy Referer and X-Forwarded-For XSS" is not available. Check the vendor's website for updates.
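A mitigation sketch for the flaw described above, added here as an example; it is not part of the original advisory and not Clever Copy's code or a vendor patch. The helper names (clean_forwarded_for, clean_referer, h) and the table-row markup are hypothetical, and the sample header values are constructed from the request shown in the PoC section.

```php
<?php
// Added example: hypothetical helpers, not Clever Copy's own code.

// Accept X-Forwarded-For only if every comma-separated entry is a valid IP.
function clean_forwarded_for(?string $raw): string
{
    if ($raw === null || strlen($raw) > 256) {
        return 'unknown';
    }
    $ips = array_map('trim', explode(',', $raw));
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
            return 'unknown';
        }
    }
    return implode(', ', $ips);
}

// Accept Referer only if it parses as an http(s) URL with a host.
function clean_referer(?string $raw): string
{
    if ($raw === null || strlen($raw) > 2048) {
        return '';
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return '';
    }
    return $raw;
}

// Encode at output time: validation alone does not make a value safe for HTML.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values shaped like the request in the advisory.
$server = [
    'HTTP_REFERER'         => 'http://path/index.php<XSS>',
    'HTTP_X_FORWARDED_FOR' => 'anyIP<XSS>',
];
$referer = clean_referer($server['HTTP_REFERER'] ?? null);
$ip      = clean_forwarded_for($server['HTTP_X_FORWARDED_FOR'] ?? null);

// Row as it would be rendered on the administrator's stats page.
echo '<tr><td>' . h($ip) . '</td><td>' . h($referer) . "</td></tr>\n";
```

The sample Referer passes the URL check while still carrying markup, so the encoding in h() at render time is what neutralizes it; the IP check only narrows what gets stored.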