Dodging The ScriptsEz Easy Image Downloader Vulnerability

You may be curious as to what vulnerability has been reported this time, as well as what impact this vulnerability is causing. I am sure you are also anxious to hear the solution for this particular vulnerability. It will all be explained to you in good time. The latest news is that a new vulnerability has recently been reported in the ScriptsEz Easy Image Downloader.

The Easy Image downloader is a product of Scriptsez.net. With this Easy Image Downloader you can expect to be able to use images in a very user friendly manner. There is a supported server which is in the programming language PHP. It requires no image and is very easy to install, no matter what Internet browser you are using. If you are utilising Mozilla Firefox 2 that will be acceptable. Some of the files of Mozilla Firefox 2 include but are by no means limited to the following: firefox-branding.js, firefox-l10n.js, inspector-cmdline.js, nsBrowserContentHandler.js as well as WebContentConverter.js.

Now there is a reason for this vulnerability, so let me explain in order for you to gain a better understanding. When the input is passed to the id" parameter in main.php (when "action" is set to "detail"), it is not adequately modified prior to being returned to the user. The main risk is that this vulnerability could be exploited in order to execute arbitrary HTML as well as script code. This would happen within the browsing session of the user, in the context of a site which has been manipulated for the attacker's personal motives and convenience.

Malicious online attackers could also take advantage of this frailty by creating cross sites scripting attacks. If the attacker is able to pull off a cross site scripting attack the results could prove disastrous. The attacker will be able to obtain private information like your passwords and credit card numbers. If the attacker is able to obtain all this information, I am sure you understand that cybercrimes like identity theft are highly possible.

Although this vulnerability has been rated as less critical, it does not mean that Easy Image Downloader users can sit back and relax. Any vulnerability creates a risk regardless of how high or low the risk is, the factor remains that risk is there. The big question is, what is the solution to this dillema? The solution is for user to actually edit the source code in order to ensure that the input is adequately modified in the correct context and manner. I would like to say in conclusion:"A journey of a thousand sites begins with a single click". Anonymous