####################################################
Flyspray "The bug killer" multiple variable Cross-Site Scripting
vendor url:http://flyspray.rocks.cc/
Vendor specific bug report: http://flyspray.rocks.cc/bts/task/703
Advisore:http://lostmon.blogspot.com/2005/10/
flyspray-bug-killer-multiple-variable.html
vendor notify:yes exploit available:yes
OSVDB ID:20326
Secunia:17316
BID:15209
#####################################################
Flyspray is an uncomplicated, web-based bug tracking system for
assisting with software development.
Flyspray "The bug killer" contains a flaw that allows a remote
cross site scripting attack.This flaw exists because the application
does not validate multiple variables upon submission to index.php
script.This could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the trust
relationship between the browser and the server,
leading to a loss of integrity.
##################
versions
##################
Flyspray 0.9.7
Flyspray 0.9.8
Flyspray 0.9.8 (devel)
##################
solution
##################
Update to version Flyspray 0.9.8 update1
###################
TimeLine
###################
Discovered:20-10-2005
Vendor notify:24-10-2005
Vendor response:25-10-2005
Disclosure:26-10-2005
####################
Examples
####################
http://[victim]/index.php?PHPSESSID=270ca5a0f7c1e5b2fd4c
52b34cdfe546&tasks=&project=1&string=lala&type=&sev=&due=
&dev=&cat=&status=&perpage=20
variables PHPSESSID, task,string,type,serv,due,dev are
afected by XSS flaws.
http://[victim]/index.php?tasks=all%22%3E%3Cscript
%3Ealert%28%29%3C%2Fscript%3E&project=0
variable task afected.
http://[victim]/index.php?order=sev&project=1&tasks=&type=
&sev=&dev=&cat=&status=&due=&string=&perpage=20&pagenum=0&
sort=desc&order2=&sort2=desc
task,type,due,string,sort2, these variables are
afected by XSS flaws.
########################## €nd #############################
thnx to estrella to be my ligth
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
Comersus BackOffice Plus Cross site scripting
Sunday, October 16, 2005
#####################################################
Comersus BackOffice Plus Cross site scripting
Vendor url:http://www.comersus.com/demo.html
Advisore:http://lostmon.blogspot.com/2005/10/
comersus-backoffice-plus-cross-site.html
vendor notify:yes exploit available:yes
OSVDB ID:20032
Secunia:17219
Securitytracker:1015064
BID:15118
######################################################
Comersus BackOffice Plus contains a flaw that allows a remote
cross site scripting attack.This flaw exists because the
application does not validate some variables upon submission to
comersus_backoffice_searchItemForm.asp script.This could allow
a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server,leading to a loss of integrity.
#############
version:
##############
Comersus Backoffice plus
###########
solution:
###########
No solution was available at this time.
####################
Timeline
####################
discovered: 24-09-2005
vendor notify:28-09-2005
vendor response:28-09-2005
vendor especific bug report: 7-10-2005
Vendor response:-----------
disclosure: 16-10-2005
##################
Proof of comcept:
##################
For exploit this flaw you must be logged...
http://[victim]/backOfficePlus/comersus_backoffice_searchItemForm.asp?
forwardTo1=[XSS-CODE]comersus_backoffice_listAssignedCategories.asp&
forwardTo2=[XSS-CODE]&nameFT1=[XSS-CODE]Select&nameFT2=[XSS-CODE]
all variables are vulnerables to Cross site
scripting
##################### €nd #####################
Thnx to estrella to be my ligth
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
Comersus BackOffice Plus Cross site scripting
Vendor url:http://www.comersus.com/demo.html
Advisore:http://lostmon.blogspot.com/2005/10/
comersus-backoffice-plus-cross-site.html
vendor notify:yes exploit available:yes
OSVDB ID:20032
Secunia:17219
Securitytracker:1015064
BID:15118
######################################################
Comersus BackOffice Plus contains a flaw that allows a remote
cross site scripting attack.This flaw exists because the
application does not validate some variables upon submission to
comersus_backoffice_searchItemForm.asp script.This could allow
a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server,leading to a loss of integrity.
#############
version:
##############
Comersus Backoffice plus
###########
solution:
###########
No solution was available at this time.
####################
Timeline
####################
discovered: 24-09-2005
vendor notify:28-09-2005
vendor response:28-09-2005
vendor especific bug report: 7-10-2005
Vendor response:-----------
disclosure: 16-10-2005
##################
Proof of comcept:
##################
For exploit this flaw you must be logged...
http://[victim]/backOfficePlus/comersus_backoffice_searchItemForm.asp?
forwardTo1=[XSS-CODE]comersus_backoffice_listAssignedCategories.asp&
forwardTo2=[XSS-CODE]&nameFT1=[XSS-CODE]Select&nameFT2=[XSS-CODE]
all variables are vulnerables to Cross site
scripting
##################### €nd #####################
Thnx to estrella to be my ligth
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
Subscribe to:
Posts (Atom)
Posts
