HackDig : Dig high-quality web security articles for hacker

Yahei-PHP Prober v0.4.7 (speed) Remote HTML Injection Vulnerability

2019-10-18 00:00
Title: Yahei-PHP Prober v0.4.7 (speed) Remote HTML Injection Vulnerability
Advisory ID: ZSL-2019-5531
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 24.07.2019
Summary
Detection of system web server operating environment.
Description
Input passed to the GET parameter 'speed' is not properlysanitised before being returned to the user. This can be exploitedto execute arbitrary HTML code in a user's browser session in contextof an affected site.

--------------------------------------------------------------------------------

/prober.php:
--------------
206: elseif(isset($_GET['speed']) and $_GET['speed']>0)
207: {
208: $speed=round(100/($_GET['speed']/1000),2); //下载速度: $speed kb/s
209: }
...
...
1393: <?php echo (isset($_GET['speed']))?"Download 1000KB Used <font color='#cc0000'>".$_GET['speed']."</font> Millisecond, Download Speed: "."<font color='#cc0000'>".$speed."</font>"." kb/s":"<font color='#cc0000'>&nbsp;No Test&nbsp;</font>" ?>

--------------------------------------------------------------------------------

Vendor
Yahei.Net - http://www.yahei.net
Affected Version
0.4.7
Tested On
OneinStack (Linux 3.10.0-862.14.4.el7.x86_64)
nginx/1.14.0
PHP/7.2.11
Vendor Status
N/A
PoC
php_probe_htmli.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://packetstormsecurity.com/files/153756
[2] https://cxsecurity.com/issue/WLB-2019070132
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/164412
Changelog
[24.07.2019] - Initial release
[02.08.2019] - Added reference [1], [2] and [3]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: php.1355-9102-LSZ/seitilibarenluv/ne/km.ecneicsorez.www

Read:612 | Comments:0 | Tags: Vulnerability

“Yahei-PHP Prober v0.4.7 (speed) Remote HTML Injection Vulnerability”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud