Open Source and information security mailing list archives
Message-ID: <10c6adab04112414586bc01eb1@mail.gmail.com>
Date: Wed, 24 Nov 2004 19:58:36 -0300
From: Carlos Ulver <carlos.ulver@...il.com>
To: bugtraq@...urityfocus.com
Subject: XSS in Brazilian Insite products

Well, I have found some XSS in Insite products:

Inmail -> As the name says, a webmail
Inshop -> Shopping cart

The XSS problem found could steal user accounts without the need of a password.
I sent an e-mail a long time ago telling them about this, but I got no answers and no correction was made, so...

The proof of concept is shown below:

It's important to emphasize that users must be logged on to view this proof of concept. But an attacker could also forge a malicious link and send it to the victim (Inmail) or make a comment on a product (Inshop) that contains malicious code using HTML and JavaScript.

Proof:
-----------------
Inmail:
http://target/mod_perl/inmail.pl?acao=<<h1>opss!</h1>

For the webmail we need to use two << at the beginning of the first tag of the XSS. It looks like a filter for any tag.

Inshop:
http://hostalvo/mod_perl/inshop.pl?screen=<script>alert(document.cookie);</script>

Thanks and sorry for the bad English.

Carlos
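
An added example, not part of the original post and not Insite's code: a Python sketch contrasting a blocklist-style tag filter with output encoding, using the two parameter values from the proof-of-concept URLs as constructed test input. The filter is a hypothetical stand-in (the post does not show the real one), and the function names and the `<p>Action: ...</p>` template are assumptions; the value is assumed to be reflected into HTML element content.

```python
import html
from html.parser import HTMLParser

# Constructed inputs: the parameter values from the two proof-of-concept URLs.
POC_ACAO = "<<h1>opss!</h1>"
POC_SCREEN = "<script>alert(document.cookie);</script>"


def naive_filter(value: str) -> str:
    """Hypothetical blocklist filter (an assumption, not Insite's code):
    it drops only the first '<', so a doubled '<<' leaves a live tag."""
    return value.replace("<", "", 1)


def render_filtered(value: str) -> str:
    """Reflects the filtered value into the page body without encoding."""
    return "<p>Action: " + naive_filter(value) + "</p>"


def render_encoded(value: str) -> str:
    """Encodes on output: &, <, > and both quote characters become entities,
    so the browser displays the text instead of parsing it as markup."""
    return "<p>Action: " + html.escape(value, quote=True) + "</p>"


class _TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in a fragment."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(fragment: str) -> list:
    """Start tags in the fragment beyond the template's own leading <p>."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags[1:]


if __name__ == "__main__":
    for value in (POC_ACAO, POC_SCREEN):
        print(render_filtered(value), injected_tags(render_filtered(value)))
        print(render_encoded(value), injected_tags(render_encoded(value)))
```

With this stand-in filter the single-tag value is neutralised but the doubled `<<` value still yields a parsed `h1` element, while the encoded rendering yields no injected tags for either input.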