lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 12 Oct 2010 23:21:16 +0300
From: Advisory <advisory@...toliasecurity.com>
To: submit@...sec.com, bugtraq@...urityfocus.com
Subject: Collabtive Multiple Vulnerabilities

ANATOLIA SECURITY ADVISORY
------------------------------------

### ADVISORY INFO ###
+ Title: Collabtive Multiple Vulnerabilities
+ Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt
+ Advisory ID:  2010-003
+ Version: 0.65
+ Date: 12/10/2010
+ Impact: Gaining Administrative Privileges - Execute Malicious
Javascript Codes
+ CWE-ID: 352 (Cross-site Request Forgery) - 79 (Cross-site Scripting)
+ Credit: Anatolia Security



### VULNERABLE PRODUCT ###
+ Description: "Collabtive provides a web based platform to bring the
project
management process and documentation online. Collabtive is an open
source solution
with features and functionality similar to proprietary software such as
BaseCamp."
+ Homepage: http://www.collabtive.com



### VULNERABILITY DETAILS ###

I. Non-persistent Cross-site Scripting
--------------------------------------
+ Description: Application insert HTTP "y" parameter in "manageajax.php"
and HTTP "pic"
parameter in "thumb.php" into html output and fails while sanitize user
supplied these
inputs. Attackers can execute malicious javascript codes or hijacking
PHPSESSID for
privilege escalation.

+ Exploit/POC:
http://target/manageajax.php?action=newcal&y=<script>alert(/XSS/)</script>
http://target/thumb.php?pic=<script>alert(/XSS/)</script>


II. Cross-site Request Forgery
------------------------------
+ Description: Collabtive affects from Cross-site Request Forgery.
Technically, attacker
can create a specially crafted page and force collabtive administrators
to visit it and
can gain administrative privilege. For prevention from CSRF
vulnerabilities, application
needs anti-csrf token, captcha and asking old password for critical actions.

+ Exploit/POC:
http://www.anatoliasecurity.com/exploits/collabtive-csrf-xploit.txt

III. Stored Cross-site Scripting
--------------------------------
+ Description: Collabtive has Stored Cross-site Scripting vulnerability.
Every user can
change their usernames and application allows HTML codes and stores in
database.

+ Exploit/POC: Change username to "user<script>alert(/AS/)</script>".

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ