Search | Research | Contact Us Wednesday February 28, 2022
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  4 Mambo Multiple Vulnerabilities
  5 PEAR XML_RPC Library Remote Code Execution
  6 eBay And Amazon Still Vulnerable
  7 Woltlab Burning Board SQL Injection Vulnerability
  8 When Small Mistakes Can Cause Big Problems
  9 WordPress And Earlier Multiple Vulnerabilities
10 MySQL Eventum Multiple Vulnerabilities
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
CPAINT AJAX Library Cross Site Scripting
February 9, 2022
Vendor : CPAINT
Version : CPAINT <= 2.0.2
Risk : Cross Site Scripting

CPAINT (Cross-Platform Asynchronous INterface Toolkit) is a multi-language toolkit that helps web developers design and implement AJAX web applications with ease and flexibility. CPAINT does not sanatize all user supplied data properly which leads to cross site scripting. This makes not only CPAINT vulnerable, but the applications that use CPAINT as a third party library are vulnerable as well.

Cross Site Scripting:
There is a cross site scripting issue in CPAINT versions prior to 2.0.3 that allows for a malicious user to conduct cross site scripting attacks against the application using the CPAINT libraries.


The above is an example of the Cross Site Scripting issue. Note that script.php is just symbolic as the name of the script would obviously be the script making use of the CPAINT library. The vulnerability occurs in this case within the file @ lines 169-172
// determine response type
if (isset($_REQUEST['cpaint_response_type'])) {
    $this->response_type = strtoupper((string) $_REQUEST['cpaint_response_type']);
} // end: if

The above code causes the response_type variable to become whatever the attacker wants it to be, and is later used in a switch statement where it is echoed back to the end user. This vulnerability can lead to disclosure of client side data and possibly aid in social attacks.

Thanks to Paul Sullivan for a very quick resolution to this issue ( about 24hrs, very good :) ) A new version of CPAINT is now available and users should upgrade to CPAINT 2.0.3

The above url contains additional download information such as where to find the latest available version.

James Bercegay of the GulfTech Security Research Team