Open Source and information security mailing list archives
 
Date: Wed, 24 Nov 2004 19:58:36 -0300
From: Carlos Ulver <carlos.ulver@...il.com>
To: bugtraq@...urityfocus.com
Subject: XSS in Brazilian Insite products


Well, I have found some XSS in Insite products

Inmail -> As the name says a webmail 
Inshop -> Shopping Cart

The XSS problem found could steal user accounts without the need of a password.
I sent an e-mail a long time ago telling them about this, but I got no
answers and no correction was made, so...

The proof of concept is shown below.
It's important to accentuate that users must be logged ON to view this
proof of concept.

But an attacker could also forge a malicious link and send it to the
victim (inmail) or make a comment on a product (inshop) that contains
malicious code using HTML and JavaScript.

Proof:
-----------------
Inmail:
http://target/mod_perl/inmail.pl?acao=<<h1>opss!</h1>
For the webmail we need to use two << at the beginning of the first
tag of the XSS. It looks like a filter for any tag.

Inshop:
http://hostalvo/mod_perl/inshop.pl?screen=<script>alert(document.cookie);</script>

Thanks and sorry for the bad English.

Carlos
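
Added example, not part of the original post and not Insite code: it renders the two parameter values quoted above through a raw echo, a one-pass tag filter and output encoding, then lists the start tags an HTML parser sees in each result. The filter regex, the `<p>` template and all function names are assumptions; the post does not show the product's actual filter.

```python
import html
import re
from html.parser import HTMLParser

# Parameter values quoted in the post, used only as test input.
INMAIL_VALUE = "<<h1>opss!</h1>"
INSHOP_VALUE = "<script>alert(document.cookie);</script>"

def echo_raw(value):
    """Reflect the parameter unchanged, as the inshop URL implies."""
    return "<p>" + value + "</p>"

def echo_filtered(value):
    """Constructed stand-in for a one-pass tag filter: drops a '<' that
    directly precedes a letter. The real inmail filter is not shown."""
    return "<p>" + re.sub(r"<(?=[A-Za-z])", "", value) + "</p>"

def echo_encoded(value):
    """Hardened form: HTML-encode the value at the point of output."""
    return "<p>" + html.escape(value, quote=True) + "</p>"

class _TagCollector(HTMLParser):
    """Records every start tag the parser recognises."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def start_tags(fragment):
    """Return the start tags an HTML parser sees in a rendered fragment."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags

def report():
    """Render both values through all three handlers and list the tags."""
    renderers = (("raw", echo_raw), ("filtered", echo_filtered),
                 ("encoded", echo_encoded))
    return [(name, value, start_tags(render(value)))
            for name, render in renderers
            for value in (INMAIL_VALUE, INSHOP_VALUE)]

if __name__ == "__main__":
    for name, value, tags in report():
        print(f"{name:9} {value!r:45} -> {tags}")
```

Only the encoded renderer leaves the template's own `p` as the sole tag for both inputs; the filter stops the single-bracket value but not the doubled one.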

