[ Video Sharing CMS v4 ] Security Problem

Started by diego.bardalez,


diego.bardalez (Topic starter)

Hello guys,

I found a security problem in the phpvibe script
Stored XSS

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.

POC: upload a video or image, set title = "><img src=X onerror=prompt(1337);>
"
Demo: http://www.videoscriptdemo.com/video/7358/-quot-gt-lt-img-src-x-onerror-prompt-1337-gt-/&nsfw=1



Regards
  •  

TigerClaw

Thank you for advising the community about it, but I strongly suggest modifying your post and first of all sending the information by private message to Mario.
  •  

Marius P.

Hi, thank you for reporting!
I've updated the anti_xss class to include the 'onerror' tag also.
Happy with my help? Buy me a coffee.
Please, always use the search before opening a new topic! We're all here on our (limited) free time! Make sure you help yourself too!
  •  

Abraham

  •  

Marius P.

Will shortly post a topic for the patch.
  •  

Marius P.

Ok, here is a brief update:

lib/functions.html.php

Find:

//This light function strips everything...no questions asked
//...except for some few safe html tags



Replace the function under this comment with:



function antixss_light($text) {
    // Drop <script> and <style> elements together with their contents
    $text = preg_replace('@<(script|style)[^>]*?>.*?</\\1>@si', '', $text);
    // Strip all remaining HTML tags
    $text = strip_tags($text);
    // Remove external scripts
    $search = array(
        '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
        '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
        '@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments
    );
    $tx_output = preg_replace($search, '', $text);
    // Deep remove the rest: each listed substring is deleted (case-sensitive match)
    $injections = array(
        '<script','iframe','<object','applet','<embed','onblur',');>','onchange','onclick','ondblclick',
        'onfocus','onkeydown','onkeypress','onkeyup','onload','onmousedown','onmousemove','onmouseout',
        'onmouseover','onmouseup','onreset','onselect','onsubmit','onunload', '<src','<img src','onerror',
        'prompt(','alert(', 'document.body.innerHTML', 'document.body', 'document.title','<!--','innerHTML'
    );
    $output = str_replace($injections, '', $tx_output);
    return $output;
}

  •  
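A regression check for the title field, as an added example that is not part of the thread or of PHPVibe's code: it encodes the title at output time with htmlspecialchars instead of filtering keywords, then parses the rendered fragment to confirm that the PoC title from the first post stays inert text. The function names and the h2 template are assumptions made for illustration, and the script needs PHP's DOM extension.

```php
<?php
// Added example, not PHPVibe code: e(), raw(), render_title() and
// title_is_inert() are hypothetical names.

// Encode untrusted text for an element body or a quoted attribute value.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Identity "encoder", used only to show that the check fails without encoding.
function raw(string $s): string {
    return $s;
}

// Hypothetical template fragment: the title lands in an attribute and in text.
function render_title(string $title, callable $enc): string {
    return '<h2 class="video-title" title="' . $enc($title) . '">' . $enc($title) . '</h2>';
}

// Parse the rendered page and confirm the title survived as inert text.
function title_is_inert(string $title, callable $enc): bool {
    libxml_use_internal_errors(true); // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . render_title($title, $enc) . '</body></html>');
    libxml_clear_errors();
    $xp = new DOMXPath($doc);
    $h2 = $xp->query('//h2[@class="video-title"]')->item(0);
    if (!$h2 instanceof DOMElement) {
        return false;
    }
    $extraElements = $xp->query('//body//*[not(self::h2)]')->length;   // injected tags
    $handlers = $xp->query('//@*[starts-with(name(), "on")]')->length; // on* attributes
    return $extraElements === 0 && $handlers === 0
        && $h2->getAttribute('title') === $title
        && $h2->textContent === $title;
}

$titles = [
    '"><img src=X onerror=prompt(1337);>',            // PoC title from the report above
    'JS basics: onclick, alert() and document.title', // constructed, legitimate title
];
foreach ($titles as $t) {
    printf("%-50s encoded=%s raw=%s\n", $t,
        var_export(title_is_inert($t, 'e'), true),
        var_export(title_is_inert($t, 'raw'), true));
}
```

The second sample title contains words from the blacklist in the patch above; with output encoding it is displayed unchanged, because nothing has to be deleted from the stored text.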

PHPClient

I performed the recommended patch and an error code was generated for line 455 (syntax)

See attachment

Thanks

Mario
  •  

Marius P.

What's the error code? I've updated all sites with this and no problem.
  •  

PHPClient

See 1st attachment for error code
See 2nd attachment for error codes when I click on "Upload" on website
See 3rd attachment for php code pasted

If I remove the "}" from line 455, I still get the error codes in attachment #2
  •  

Marius P.

Matte, you didn't replace the function, you've just replaced the function name line (first line).
I've just now looked closer, you've left all of the old function there except the first line in it.
  •  

Marius P.

  •  

PHPClient

  •  
