[<prev] [next>] [day] [month] [year] [list]
Message-ID: <479C8217.80101@lonerunners.net>
Date: Sun, 27 Jan 2008 14:07:35 +0100
From: Alessandro Tanasi <alessandro@...erunners.net>
To: bugtraq@...urityfocus.com
Subject: eTicket 'index.php' Cross Site Scripting Path Vulnerability
________________________________________________________________________________
eTicket 'index.php' Cross Site Scripting Path Vulnerability
________________________________________________________________________________
Name: eTicket 'index.php' Cross Site Scripting Path
Vulnerability
Application: eTicket
Versions Affected: 1.5.6-RC4
Severity: Medium
Vendor: eTicket, http://sourceforge.net/projects/eticket
Bug: XSS Path vulnerability
Exploitation: Client side, remote
Author: Alessandro `jekil` Tanasi
email: alessandro@...asi.it
web: http://www.tanasi.it
Date: 20/01/2008
Advisory:
http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt
________________________________________________________________________________
Table of contents:
I. Background
II. Description
III. Analysis
IV. Detection
V. Fix
VI. Vendor Response
VII. CVE Information
VIII. Disclousure timeline
IX. Credits
________________________________________________________________________________
I. BACKGROUND
eTicket is a PHP-based electronic (open source) support ticket system
based on osTicket, that can receive tickets via email (pop3/pipe) or a
web form. It also offers a ticket manager with many features. An ideal
helpdesk solution for any website.
II. DESCRIPTION
The application eTicket version 1.5.6-RC4 is prone to a Cross Site
Scripting Path vulnerability.
III. ANALYSIS
Attackers may exploit these issue through a web browser.
To exploit the cross-site scripting issues, an attacker must entice an
unsuspecting victim into visiting a malicious URI.
IV. DETECTION
Proof of concept:
http://example.com/index.php/"><script>alert('XSS')</script>
V. FIX
Properly validate user input.
VI. VENDOR RESPONSE
No vendor response at this time.
VII. CVE INFORMATION
No CVE at this time.
VIII. DISCLOSURE TIMELINE
21012008 Bug discovered
21012008 Vendor contacted
IX. CREDIT
Alessandro `jekil` Tanasi is credited with the discovery of this
vulnerability.
Powered by blists - more mailing lists