lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <63ac005e0903261743l3c08d6d1oe0f7dbb77a3dfdc4@mail.gmail.com>
Date: Thu, 26 Mar 2009 18:43:03 -0600
From: Bugs NotHugs <bugsnothugs@...il.com>
To: bugtraq <bugtraq@...urityfocus.com>,
	fd <full-disclosure@...ts.grok.org.uk>
Subject: Aurora Nutritive Analysis Module Multiple XSS

- Aurora Nutritive Analysis Module Multiple XSS

- Description

"Aurora's FoodPro is a total food production, planning and control system that
provides start-to-finish control from raw food through production, service, and
analysis. It provides historical, as well as current and projected data, in
terms of food usage, costs, operating margins, and service."

Aurora's FoodPro has a 'Nutritive Analysis Module' that provides the capability
to analyze ingredients, recipes, and menus by nutritive components.

Two scripts in this module suffer from cross-site scripting vulnerabilities that
can be exploited without authentication. The 'nutframe.asp' and 'Menusamp.asp'
scripts do not sanitize input supplied to the 'locationName' variable.

- Product

Aurora Information Systems, Nutritive Analysis Module, unknown version

- PoC

http://[site]/FoodPro/nutframe.asp?sName=Hi&locationNum=10&locationName=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%68%69%27%29%3B%3C%2F%73%63%72%69%70%74%3E&naFlag=1

http://[site]/foodpro/Menusamp.asp?sName=Hi&locationNum=07&locationName=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%68%69%27%29%3B%3C%2F%73%63%72%69%70%74%3E&naFlag=1

- Solution

None

- Timeline

2008-06-06: Vulnerability Discovered
2008-07-07: Disclosed to Vendor (no ack)
2008-10-05: Mail re-sent to Vendor (no ack)
2009-03-26: Disclosed to Public (no more playing nice)

--

BugsNotHugs
Shared Vulnerability Disclosure Account

Powered by blists - more mailing lists