Referer XSS in E-Blah Platinum

Summary

Vulnerability
Referer XSS in E-Blah Platinum
Discovered
2006.02.16
Last Update
2006.02.22 CVE entry added
ID
EV0083
CVE
CVE-2006-0829
Risk Level
medium
Type
Cross Site Scripting
Status
Patched
Vendor
n/a
Vulnerable Software
E-Blah Platinum (http://www.eblah.com)
Version
9.7
PoC/Exploit
Available
Solution
Available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in E-Blah Platinum (http://www.eblah.com) script.

Vulnerable script: Code/Routines.pl

Environment variable 'HTTP_REFERER' isn't properly sanitized. This can be used to post HTTP query with fake Referer value which may contain arbitrary html or script code. This code will be executed when administrator will open "Click Log".

Administrator's login and password are threatened.

PoC/Exploit

Example of HTTP Query:


GET /cgi-bin/Blah.pl HTTP/1.0
Host: [host]
Referer: [XSS]

Solution.

Vendor-provided patch is available here:

http://www.eblah.com/forum/m-1140116897/

Order Source Code Analysis

You may order PHP code test of your website done by our team.The order will be done by specialists in web application security.

Advisories by vuln type

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>