#####################################################
Comersus BackOffice Plus Cross site scripting
Vendor url:http://www.comersus.com/demo.html
Advisore:http://lostmon.blogspot.com/2005/10/
comersus-backoffice-plus-cross-site.html
vendor notify:yes exploit available:yes
OSVDB ID:20032
Secunia:17219
Securitytracker:1015064
BID:15118
######################################################
Comersus BackOffice Plus contains a flaw that allows a remote
cross site scripting attack.This flaw exists because the
application does not validate some variables upon submission to
comersus_backoffice_searchItemForm.asp script.This could allow
a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server,leading to a loss of integrity.
#############
version:
##############
Comersus Backoffice plus
###########
solution:
###########
No solution was available at this time.
####################
Timeline
####################
discovered: 24-09-2005
vendor notify:28-09-2005
vendor response:28-09-2005
vendor especific bug report: 7-10-2005
Vendor response:-----------
disclosure: 16-10-2005
##################
Proof of comcept:
##################
For exploit this flaw you must be logged...
http://[victim]/backOfficePlus/comersus_backoffice_searchItemForm.asp?
forwardTo1=[XSS-CODE]comersus_backoffice_listAssignedCategories.asp&
forwardTo2=[XSS-CODE]&nameFT1=[XSS-CODE]Select&nameFT2=[XSS-CODE]
all variables are vulnerables to Cross site
scripting
##################### €nd #####################
Thnx to estrella to be my ligth
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
Subscribe to:
Posts (Atom)