Open Source and information security mailing list archives
Message-ID: <alpine.LNX.2.00.1009301534310.27572@forced.attrition.org>
Date: Thu, 30 Sep 2010 15:38:22 -0500 (CDT)
From: security curmudgeon <jericho@...rition.org>
To: advisory@...ridge.ch
Cc: bugtraq@...urityfocus.com
Subject: Re: XSS vulnerability in Pluck

: Vulnerability ID: HTB22610
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_pluck.html
: Vulnerable Version: 4.6.3 and probably prior versions
: Vendor Notification: 15 September 2010
: Vulnerability Type: XSS (Cross Site Scripting)
: Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
: Risk level: Medium
: Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
:
: Vulnerability Details:
: User can execute arbitrary JavaScript code within the vulnerable application.
:
: The vulnerability exists due to failure in the
: "data/modules/blog/pages_admin/newpost.php" script to properly sanitize
: user-supplied input in "cont1" variable. Successful exploitation of this
: vulnerability could result in a compromise of the application, theft of
: cookie-based authentication credentials, disclosure or modification of
: sensitive data.

First off, this requires administrator credentials to exploit. Second, a
Pluck administrator can already insert any content s/he desires by
creating/editing a page, so there is no gain from using this intended
functionality.

For this attack to take place, it would really require something like a
CSRF. Fortunately for attackers, it seems you guys missed the CSRF in this
application that HolisticInfoSec found:

http://holisticinfosec.org/content/view/154/45/

Keep up the solid research guys.

- security curmudgeon
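The argument in the reply, as an added example that is not part of the original message, the advisory, or Pluck's own code: a small model of an administrator-only "new post" handler. It shows that a stored XSS reachable only through an authenticated admin form is inert until a cross-site request can make the admin's browser submit that form, that a synchronizer token stops the forged submission even though the browser attaches the session cookie, and that output encoding neutralises the payload independently. The endpoint path and the cont1 parameter come from the quoted advisory; the cookie name, session layout, csrf_token field, in-memory stores and the sample payload are assumptions made for this example.

```python
# Added example for this thread; not Pluck's code. Endpoint and field name
# (newpost.php, cont1) are from the quoted advisory; the cookie name, the
# session store, the csrf_token field and the payload are assumptions.
import hmac
import html
import secrets

SESSION_COOKIE = "pluck_session"   # assumed cookie name
sessions = {}                      # cookie value -> session data (in memory for the example)
posts = []                         # stored post bodies (a real handler writes them under data/)


def new_admin_session():
    """Log an administrator in; returns the cookie value the browser would hold."""
    sid = secrets.token_hex(16)
    sessions[sid] = {"role": "admin", "csrf": secrets.token_hex(16)}
    return sid


def render_post(body, escape_output):
    """Render a stored post.

    escape_output=False echoes the stored body verbatim, which is the
    "failure to sanitize cont1" the advisory describes; True applies
    HTML output encoding.
    """
    if escape_output:
        body = html.escape(body, quote=True)
    return '<div class="post">%s</div>' % body


def handle_newpost(cookies, form, check_token, escape_output):
    """Model of data/modules/blog/pages_admin/newpost.php.

    cookies:      what the browser sends; it attaches the session cookie to
                  every request to the site, including ones another site
                  triggered
    form:         the POST fields
    check_token:  require a per-session synchronizer token in the form
    Returns (status, rendered_html_or_error_text).
    """
    sess = sessions.get(cookies.get(SESSION_COOKIE))
    if sess is None or sess["role"] != "admin":
        return 403, "administrator login required"
    if check_token and not hmac.compare_digest(
            form.get("csrf_token", ""), sess["csrf"]):
        return 403, "missing or invalid csrf_token"
    body = form.get("cont1", "")
    posts.append(body)
    return 200, render_post(body, escape_output)


def cross_site_submit(victim_cookies, attacker_fields):
    """What an auto-submitting form on a third-party page produces: the
    attacker chooses the fields, the victim's browser adds the cookies, and
    the attacker cannot read the victim's per-session token to include it."""
    fields = dict(attacker_fields)
    fields.pop("csrf_token", None)
    return victim_cookies, fields


PAYLOAD = '<script>alert(document.cookie)</script>'   # constructed sample payload


def demo():
    """Run the cases the reply's argument turns on; returns them keyed by name."""
    admin_cookie = {SESSION_COOKIE: new_admin_session()}
    token = sessions[admin_cookie[SESSION_COOKIE]]["csrf"]
    results = {}
    # 1. No session: the advisory's bug is not reachable at all.
    results["anonymous"] = handle_newpost({}, {"cont1": PAYLOAD}, True, False)
    # 2. The admin posts the payload deliberately. It works, but an admin can
    #    already put arbitrary content on pages, so nothing is gained.
    results["admin_self"] = handle_newpost(
        admin_cookie, {"cont1": PAYLOAD, "csrf_token": token}, True, False)
    # 3. Cross-site request against cookie-only auth with verbatim output:
    #    the chain the reply says is actually required for this to matter.
    results["csrf_no_token"] = handle_newpost(
        *cross_site_submit(admin_cookie, {"cont1": PAYLOAD}), False, False)
    # 4. The same forged request when the handler requires the token.
    results["csrf_with_token_check"] = handle_newpost(
        *cross_site_submit(admin_cookie, {"cont1": PAYLOAD}), True, False)
    # 5. Output encoding alone defuses the script even if the request gets
    #    through; it is a separate control from the token check.
    results["csrf_encoded_output"] = handle_newpost(
        *cross_site_submit(admin_cookie, {"cont1": PAYLOAD}), False, True)
    return results


if __name__ == "__main__":
    for name, (status, out) in demo().items():
        print("%-24s %d %s" % (name, status, out))
```

Running the file prints one line per case; only the forged request against the token-less, unencoded handler (case 3) both succeeds and keeps the script tag intact, which is the combination the reply points at.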