[MajorSecurity #10]i.List <= 1.5 - XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [MajorSecurity #10]i.List <= 1.5 - XSS
From: admin@xxxxxxxxxxxxxxxx
Date: 8 Jun 2006 17:45:29 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

[MajorSecurity #10]i.List <= 1.5 - XSS 
----------------------------------------

Software: i.List

Version: <=1.5

Type: XSS

Date: June, 8th 2006

Vendor: Skoom

Page: http://skoom.de


Credits:
-------------------------------

David 'Aesthetico' Vieira-Kurz

http://www.majorsecurity.de


Affected Products:
-------------------------------

i.List 1.5 and prior


Description:
-------------------------------

i.List is a php/mysql TOPLIST script.

Requirements:
-------------------------------

register_globals = On


Vulnerability:
-------------------------------

Input passed to the Inputbox in "search.php", the 'URL' inputbox
and 'ButtonURL' in "add.php" is not properly filtered and verified, before it 
is used.
This can be exploited to execute evil XSS-code.

Solution:
-------------------------------

Edit the source code to ensure that input is properly sanitised.
Set "register_globals" to "Off".


Exploitation:
-------------------------------
In the inputbox of /search.php:
Search for: <script>alert("MajorSecurity")</script>

In the inputbox 'URL' of add.php:
Type in as URL: <script>alert("MajorSecurity")</script>

In the inputbox 'ButtonURL' of add.php:
Type in as URL: <script>alert("MajorSecurity")</script>

Prev by Date: E-Dating System from scriptsez.net - XSS
Next by Date: Ez Ringtone Manager from scriptez.net - XSS
Previous by thread: E-Dating System from scriptsez.net - XSS
Next by thread: Ez Ringtone Manager from scriptez.net - XSS
Index(es):
- Date
- Thread