Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20648
HistoryOct 03, 2008 - 12:00 a.m.

XSS vulnerability in phpMyID

2008-10-0300:00:00
vulners.com
33
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Subject: XSS vulnerability in phpMyID
Credits: Raphael Geissert <[email protected]>
Release date: 2008-10-27
Affects: v0.9 [23-Jul-2008]

Resources:
* Homepage: http://siege.org/projects/phpMyID/
* Demo: http://phpmyid.com

Background:
phpMyID is a single user OpenID identity provider implemented in PHP.

Problem description:
The MyID.php script does not sanitize the input it is supposed to be given
by the site where the user wants to be authenticated. When the return_to
address does not have the same "root" as trust_root it aborts, opening a
hole for XSS attacks.

Impact:
A user can be tricked and redirected to its vulnerable identity provider,
place where the specially crafted data exploits the security hole.

Example exploit:
MyID.php?openid_mode=checkid_immediate&openid_return_to=bar
&openid_trust_root=%3Cscript%3Ewindow.alert%28%29%3B%3C%2Fscript%3E
&openid_identity=foo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjeokkACgkQYy49rUbZzlrT4gCgiJx+DciYJ/gwGvofowlGHLUa
dXIAnRJKr7xKJG71jmabclNAx/GEmLa9
=A51u
-----END PGP SIGNATURE-----

JSON