Be Watchful Of The Zoph Cross Site Scripting Vulnerability

News

Contributed by: Lauren Gerber
Date: July 3, 2009

	-1 Vote 0	Be Watchful Of The Zoph Cross Site Scripting Vulnerability

Will these computer security vulnerabilities ever stop impacting us and affecting the online world? The truth is that, until there is a dramatic new technological discovery that happens, they shall keep on haunting us. This latest vulnerability relates to a wonderful product called Zoph.

What exactly is Zoph? For those of you, who lack knowledge with regards to Zoph, I am here to fill the gaps for you by explaining what Zoph actually is. Zoph is a web based digital image presentation as well as it being a management system. It is a fantastic photo album which uses Perl, MySQL as well as the PHP programming languages. It can even be used with Windows 2000. Some of the files of Windows 2000 may include but are by no means limited to the following: a1base.sys, bhp001.dll, c_eucdb.dll, DATAPROD.INF as well as e100.sys.

The main reason for this vulnerability is due to unspecified input not being correctly modified before being returned to the user. This runs the risk of being exploited in order to execute arbitrary HTML and script code in a user's browser. This takes place within the context of the site which has actually been directly affected due to this vulnerability.

If this vulnerability is exploited by malicious characters then the possibilities are very high that cross site scripting attacks may be conducted. If an attack is carried out effectively malicious characters could bypass certain controls and computer restrictions which will result in them being able to basically take complete control of your system. Now you may be able to understand why this Zoph vulnerability runs the risks of creating so much trouble for its users.

This vulnerability has surprisingly been rated as less critical. It was discovered in versions prior to version 0.7.0.6. The solution for all users is to make sure you update to the latest version 0.7.0.6. It is really worth your while to make sure your software is updated to the latest versions. It may thus be quoted in conclusion: If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. - White House Cybersecurity Advisor, Richard Clarke

Resources:
This is the original advisory pertaining to the Zoph vulnerability.
You can update to the latest version here.
The Zoph site.
Some windows 2000 vulnerabilities.

User Comments

Lauren Gerber September 17, 2009

Damned what a crap. This is just an automatically generated article that really makes no *** sense at all.

I mean "It can even be used with Windows 2000. Some of the files of Windows 2000 may include but are by no means limited to the following: a1base.sys, bhp001.dll, c_eucdb.dll, DATAPROD.INF as well as e100.sys.", when talking about a PHP application... what bollocks!

Please remove this site from the Internet as it is only about spreading bull***.

Featured Videos

Modify hosts file

From: PC1News Videos

Added: June 13, 2009

Software Downloads

SpyHunter V.3

Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.

Download now

Registry Mechanic 8

Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.

Download now

SpywareBlaster 4.1

The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.

Download now