Info

Disclosure

Apr 13, 2005

Discovery

Unknown

Dates

Exploit

Apr 13, 2005

Solution

Unknown

Description

Smartor Photo Album for phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'bsid' variable upon submission to the 'album_comment.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. NOTE: Subsequent examination after vendor dispute suggests there are no occurances of a "bsid" variable in the Smartor Photo Album distribution. It is possible this issue applies to custom installations, or unsanitized variables in phpBB are passed to this script.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: Vendor Disputed
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Smartor

Photo Album for phpBB

2.0.53

References

Bugtraq ID: 13158
Related OSVDB ID: 15931 15932
CVE ID: 2005-1115 (see also: NVD)
Mail List Post: http://attrition.org/pipermail/vim/2006-June/thread.html
Other Advisory URL: http://digitalparadox.org/viewadvisories.ah?view=21
Vendor Specific News/Changelog Entry: http://osvdb.org/ref/15/1593x-smartor-reply.txt
Vendor URL: http://smartor.is-root.com/viewtopic.php?t=3021

Credit

Diabolic Crab - dcrabhackerscenter.com - Personal Page

Direct URL: http://osvdb.org/15933