
imei Addmimistrator’s BugBlog

imei’s security Advisories and researches

-------------- Summary --------------
Software: Olate Download
Software's Web Site: http://www.olate.co.uk/
Versions: 3.4.2
Class: Remote
Status: Patched
Exploit: Available
Solution: Not Available
Discovered by: imei addmimistrator
Risk Level: Middle
-------------- Description --------------
Olate Download is prone to cross-site scripting because it trusts an unsafe variable, $_SERVER['PHP_SELF'].
The programming team assumed that $_SERVER['PHP_SELF'] contained only the path of the executing PHP file, but it also includes whatever path info the client appends to the URL. I was reading the bug report of this issue on the PHP support site; it was reported as a bug, but the support team accepted it only as a documentation bug.
Related code lies at line 386 of uim.php:
$global_vars['php_self'] = $_SERVER['PHP_SELF'];
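As an added illustration (not Olate's code), here is the unsafe pattern from uim.php beside two hardened forms, run from the CLI with a constructed $_SERVER['PHP_SELF'] value that mimics the path info seen in the exploit URL; the function names are assumptions.

```php
<?php
// Added example, not part of Olate Download: shows why $_SERVER['PHP_SELF']
// is unsafe to echo and how to build a self-referencing action safely.

// Constructed sample values: a request to /olate/files.php/<extra path>
// makes PHP append that extra path (PATH_INFO) to PHP_SELF, while
// SCRIPT_NAME keeps only the script path.
$_SERVER['PHP_SELF']    = '/olate/files.php/"><script>alert(1)</script>';
$_SERVER['SCRIPT_NAME'] = '/olate/files.php';

// Vulnerable pattern (same idea as uim.php line 386): the raw value ends up
// inside an HTML attribute, so a quote in the path closes the attribute.
function vulnerable_action(): string {
    $php_self = $_SERVER['PHP_SELF'];
    return '<form action="' . $php_self . '">';
}

// Hardened pattern 1: encode for the HTML attribute context before output.
// ENT_QUOTES also converts double quotes, which is what breaks the attribute.
function encoded_action(): string {
    $php_self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $php_self . '">';
}

// Hardened pattern 2: avoid PHP_SELF entirely. SCRIPT_NAME does not carry
// PATH_INFO, and it is still encoded as defence in depth.
function script_name_action(): string {
    $name = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $name . '">';
}

echo "vulnerable:  " . vulnerable_action() . PHP_EOL;
echo "encoded:     " . encoded_action() . PHP_EOL;
echo "script_name: " . script_name_action() . PHP_EOL;
```

The first line prints a form tag whose attribute is terminated by the injected quote, the second keeps the whole path inside the attribute as `&quot;&gt;&lt;script&gt;...`, and the third contains only `/olate/files.php`.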
-------------- Exploit --------------

olate/files.php/fffffff%22%3E%3Cscript%3E
alert(1)%3C/script%3Ef/?cat=1
-------------- Solution --------------
Update to 3.4.3.
-------------- Credit --------------
Discovered by: imei addmimistrator
addmimistrator(4}gmail(O}com
www.myimei.com

One Response to “Olate Download 3.4.2~modules/core/uim.php~XSS”

    http://secunia.com/advisories/26565/
