lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 4 Aug 2011 03:50:54 -0300
From: Advisories PontoSec <advisories@...tosec.com>
To: bugtraq@...urityfocus.com
Subject: Community Server - Stored Cross-Site Scripting in User's Signature

Community Server - Stored Cross-site Scripting in user's signature.

- Product description:
Community Server is a communities and collaboration web application
developed by Telligent.
It uses ASP.NET platform (C#) and Microsoft SQL Server database. From
it's 5.0 version, the software was renamed to Telligent Community.


- Vulnerability Details:
It is possible to insert scripts (Cross-site Scripting) in user's
signature, using BBCode Tag's processing errors.


- Proof of Concept:
Set an user's signature to:

[img]invalid.jpg[url= onerror=alert(1) z=] a[/url][/img]

An alert will be show in every topic the user posts in and also in its profile.


- Affected Versions:
Community Server 2007
(may affect others)


- Unaffected Versions:
Telligent Community 5.x or earlier


- Timeline:
[05/25/10] Vulnerability details sent to address for security related
contacts present at company's website, although the address did not
exist.
[05/26/10] Ticket opened asking for contact to send off vulnerability details.
[05/26/10] Ticket's answer received, containing e-mail for the sending
of vulnerability details.
[05/26/10]Vulnerability details sent.
[05/26/10] Answer received informing that vulnerability did not exist
on latest versions of the product.
[07/15/11] Advisory published.

- Credits:
PontoSec - Segurança da Informação < http://www.pontosec.com > -
Researcher: Gabriel Lima (gabriel <at> pontosec.com)

Powered by blists - more mailing lists