1. Introduction
The Securimage example_form.php script contains a cross-site scripting vulnerability. This means an attacker could inject malicious code into a user’s browser, potentially stealing cookies, redirecting users, or modifying website content. Systems running vulnerable versions of Securimage are affected, particularly those using the example form functionality. A successful exploit may compromise confidentiality, integrity and availability of the web application.
2. Technical Explanation
- Root cause: Missing input validation on the ‘REQUEST_URI’ variable in example_form.php
- Exploit mechanism: An attacker crafts a malicious URL containing JavaScript code within the ‘REQUEST_URI’ parameter, which is then reflected back to the user’s browser and executed. For example:
http://example.com/example_form.php? - Scope: Securimage versions prior to a currently unknown patched version are affected.
3. Detection and Assessment
To confirm vulnerability, check the installed Securimage version. A thorough assessment involves attempting to inject XSS payloads.
- Quick checks: Check the Securimage version via the web interface or by examining the file properties of the Securimage installation directory.
- Scanning: Nessus plugin ID 59796 can detect this vulnerability as an example. Other scanners may also have relevant signatures.
- Logs and evidence: Examine web server logs for requests containing suspicious characters or JavaScript code in the ‘REQUEST_URI’ parameter. Look for patterns like `