lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 01 Nov 2007 12:39:05 -0400
From: Raymond Pete <pete@...kiosk.com>
To: skienlab@...il.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Airkiosk/formlib application is XSS vuln

Had "Skein" posted to this group (bugtraq) asking for contact
information he would have received a response.  His posting here is
inaccurate and speculative.

DESCRIPTION:

The 3rd party module formlib.pl contained an error in handling/printing
of unsanitized Input data, which could lead to a malicious user
injecting code into the users displayed page via a custom generated
link, if this subroutine was called AND the users browser does not
encode the input string.

SECURITY IMPLICATIONS:

Low.  "Skein" has written separately (not on bugtraq) that the danger
was "for who want to steal cookies."  This speculation concerns sessions
in which cookies are involved.   However, the AirKiosk system does not
rely on cookies for session management.  The AirKiosk system does not
use cookies at all, and we discourage their use generally.

STATUS:

formlib.pl has been patched where applicable and possible code injection
is no longer possible.  



Raymond Pete
Operations Director, AirKiosk Systems
Sutra, Inc.

On Tue, 2007-10-30 at 00:40 +0000, skienlab@...il.com wrote:
> In the last week I've found a XSS vuln into the Sutra's Airkiosk
> application for the realtime distribution of flights/booking and
> check-in interface (www.airkiosk.com).
> 
> The XSS is possible because they are using a VULN/OLD formlib.pl in
> their application that permits to execute any JavaScript you like:
> 
>             &HtmlError("formlib.parse", "bjelli", "Error parsing $_, aborting.\n");
> 
> if you get the error 'f you need help, call bjelli.'.
> 
> 
> I suppose it can be related to this flying companies (I've only tryed it
> on Blu-express, and Jet2.com):
> 
> Aero, Jet2.com, Air southwest, manx2, airsea, republicaairways,
> blu-express, highland airways, blueisland, tobagoexpress, evolavia,
> zambian, menajet.com, snowflake, airwales and other that is can be easy
> found by searching on google.
> 
> 
> 
> 
> The maintainer (and the flying company blu-express) has been contacted
> twice via mail in the last two weeks but choose not to respond at all.
> 
> Regards
> Skien
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ