BugTraq
LightNEasy v.1.2.2 flat Multiple Vulnerabilities Apr 18 2008 08:10AM
darkz gsa gmail com
LightNEasy v.1.2.2 flat Multiple Vulnerabilities

Author: Gerendi Sandor Attila

Date: April 14, 2008

Package: LightNEasy

Product homepage: http://lightneasy.uni.cc/

Versions Affected: v.1.2.2 (Other versions may also be affected)

Severity: High

1. Cross-Site Scripting (XSS):

Input passed to "page" in "index.php" and "LightNEasy.php" is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when malicious data is viewed.

Examples:

http://somehost/LightNEasy_1_2_2_flat/index.php?page=%00</title><script>
alert("xss")</script>

http://somehost/LightNEasy_1_2_2_flat/LightNEasy.php?page=%00</title><sc
ript>alert("xss")</script>

2. Directory Traversal:

Input passed to "page" in "index.php" and "LightNEasy.php" is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources.

Example:

http://somehost/LightNEasy_1_2_2_flat/LightNEasy.php?page=../../../../..
/../../include.txt%00

or:

3. Arbitrary File Creation:

Input passed to "page" in "index.php" and "LightNEasy.php" is not properly sanitised before being used to create files.

Status:

1. Contacted the author at April 14, 2008 via http://www.lightneasy.org/contact.php.

2. A Security patch was released on April 15, 2008.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus